all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Exploring Basics and Best Practices of Server-Side Template Injection (SSTI) Vulnerability

Add to bookmarks
Nov. 29, 2023, 12:16 p.m. | Venkata Sai Manikanta Manugula

System Weakness - Medium systemweakness.com

Why do we need Server-Side templates?

Let’s consider a scenario where a developer would like to display a custom error message instead of a generic error when a user attempts to access a non-existent web page. In general, the developer might have to create separate pages for each error message, but this can be simplified incase if we leverage server-side templates. With server-side templates, the developer can easily separate the code that decides the error message from the code that …

access application security basics best practices developer display error general injection message non owasp page practices scenario server ssti template template injection vulnerability web web application security web development

Visit resource

More from systemweakness.com / System Weakness - Medium

The Future of Programming: A Look at Emerging Languages Shaping Software Development 1 day, 21 hours ago | systemweakness.com
address article changing development +14
Cyber Detectives Unite: Advanced Tools for Web Security 1 day, 21 hours ago | systemweakness.com
bug bounty computer science cybersecurity ethical hacking +1
Mittre Att&ck‘s User Manual 2 days, 17 hours ago | systemweakness.com
adversary amp att attacks +22
Unveiling the Hidden: A Guide to Passive Subdomain Enumeration 2 days, 17 hours ago | systemweakness.com
bug bounty hacking security technology +1
Limit Requests to EC2 Instances to Cloudflare Only IPs 2 days, 17 hours ago | systemweakness.com
aws aws lambda cloudflare security +1
Canary Codes for Curious Minds 2 days, 17 hours ago | systemweakness.com
canary tokens hacking ip address location +1
Zero Trust Network Access 3 days, 15 hours ago | systemweakness.com
least privilege microsegmentation network security virtual private network +1
Ransomware-as-a-Service: Democratizing Digital Destruction and How to Fortify Your Defenses 3 days, 15 hours ago | systemweakness.com
as-a-service attacks businesses critical +24
Detecting Mobile Threats: Indicators of Compromise 3 days, 15 hours ago | systemweakness.com
business compromise continue cybersecurity +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Associate Principal Security Engineer

@ Activision Blizzard | Work from Home - CA
View on infosec-jobs.com

Security Engineer- Systems Integration

@ Meta | Bellevue, WA | Menlo Park, CA | New York City
View on infosec-jobs.com

Lead Security Engineer (Digital Forensic and IR Analyst)

@ Blue Yonder | Hyderabad
View on infosec-jobs.com

Senior Principal IAM Engineering Program Manager Cybersecurity

@ Providence | Redmond, WA, United States
View on infosec-jobs.com

Information Security Analyst II or III

@ Entergy | The Woodlands, Texas, United States
View on infosec-jobs.com
View more jobs