Server Side Request Forgery, or SSRF, is a recently publicized chain of vulnerabilities which primarily result in a web application server acting as a proxy and can then be used to make (spoof) connections to external servers or resources through a vulnerable web application. This might sound a bit confusing at first but it's very easy to grasp; the attacker sends a request to the web application which, in return, passes on the request to external servers without enforcing proper checks on the attacker's request. It's extremely common to see a web application these days which fetches data in the form of images, videos, and documents through the use of user-supplied URLs. This forms the basis of SSRF in which the user-supplied URL source is not properly sanitized, or output of the response is so verbose that it can be used as an indicator to achieve different kinds of SSRF attacks, such as port scanning.
Although for the sake of defining SSRF I have used the term...