An Introduction to Secure Coding with Template Engines | allinfosecnews.com

May 9, 2023, 1:12 p.m. | John Simpson@veracode.com (John Simpson)

Application Security Research, News, and Education Blog www.veracode.com

Back in 2022 while browsing through lists of recently disclosed vulnerabilities, I happened upon some Adobe Commerce/Magento Open Source vulnerabilities [1], that were reported to be exploited in the wild and can be exploited to achieve remote code execution, a combination which always motivates me to take a quick look at the vulnerability. Adobe provided a simple patch file that effectively removes {{ and }} characters when encountered in input provided to two specific components and it is reasonable to …

adobe adobe commerce back browsing code code execution coding commerce exploited introduction lists magento open source remote code remote code execution secure coding template vulnerabilities

More from www.veracode.com / Application Security Research, News, and Education Blog

Speed vs Security: Striking the Right Balance in Software Development with AI 2 days, 6 hours ago | www.veracode.com

ai software artificial artificial intelligence balance +15

Veracode Advances Cloud-Native Application Security with Longbow Acquisition 2 weeks, 4 days ago | www.veracode.com

acquisition application application security cloud +22

Veracode Customers Shielded from NVD Disruptions 3 weeks, 1 day ago | www.veracode.com

analysis customers cves database +13

Resolving Simple Cross-Site Scripting Flaws with Veracode Fix 3 weeks, 3 days ago | www.veracode.com

application blog code cross-site +16

Security Debt: A Growing Threat to Application Security 1 month ago | www.veracode.com

application application security debt development +17

A Timely Shift: Prioritizing Software Security in the 2024 Digital Landscape 1 month ago | www.veracode.com

address attack attack surface back +16

Integrating Veracode DAST Essentials into Your Development Toolchain 1 month, 2 weeks ago | www.veracode.com

application applications application security application security testing +21

The Risks of Automated Code Generation and the Necessity of AI-Powered Remediation 1 month, 2 weeks ago | www.veracode.com

ai-powered automated can code +22

Data-driven Strategies for Effective Application Risk Management in 2024 1 month, 3 weeks ago | www.veracode.com

application cisa critical cyber +23

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Cybersecurity Triage Analyst

@ Peraton | Linthicum, MD, United States

View on infosec-jobs.com

Associate DevSecOps Engineer

@ LinQuest | Los Angeles, California, United States

View on infosec-jobs.com

DORA Compliance Program Manager

@ Resillion | Brussels, Belgium

View on infosec-jobs.com

Head of Workplace Risk and Compliance

@ Wise | London, United Kingdom

View on infosec-jobs.com