"What is Server-Side Template Injection?" | Security Engineer Interview Questions
AppSecEngineer
Injection vulnerabilities are some of the most pernicious and critical vulnerabilities used to attack web applications and their servers. In this video, AppSecEngineer instructor Abhay Bhargav answers the question: "What is a server-side template injection?"
In a #Serversidetemplateinjection, user data "intermingles with the templating system and is treated as executable code by it." By not separating user data from executable code, you get injection flaws.
He even takes you through a detailed explanation using a hands-on lab from one of our courses!
Check out the course here: https://appsecengineer.com/product/injections-xxe-insecure-deserialization/
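An added illustration of the definition quoted above (not code from the video, its lab, or the course): the same greeting rendered once with user input concatenated into the template source and once with it passed as data. `render` is a constructed stand-in for an engine with Pug-style `#{...}` interpolation, not Pug's API, and the function names and probe string are assumptions made for the example.

```javascript
// Constructed stand-in for a template engine with #{expression} interpolation.
// NOT Pug itself: a tiny renderer so the example runs with no dependencies.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

function render(templateSource, locals = {}) {
  const names = Object.keys(locals);
  const values = Object.values(locals);
  return templateSource.replace(/#\{([^}]*)\}/g, (_, expr) => {
    // Like a real engine, whatever sits inside #{...} in the template
    // source is evaluated as code; only the result is escaped.
    const result = new Function(...names, `return (${expr});`)(...values);
    return escapeHtml(result);
  });
}

// Vulnerable: user input becomes part of the template source, so any
// template syntax it contains is evaluated by the engine.
function greetVulnerable(userName) {
  return render('<p>Hello ' + userName + '</p>');
}

// Hardened: the template source is a fixed string; user input is only
// ever a value bound to a local, so it is escaped and never evaluated.
function greetSafe(userName) {
  return render('<p>Hello #{name}</p>', { name: userName });
}

const probe = '#{7*7}'; // constructed, harmless arithmetic probe
console.log(greetVulnerable(probe)); // input was evaluated by the engine
console.log(greetSafe(probe));       // input was rendered as plain text
```

If the arithmetic comes back evaluated, the input reached the template source; the fix is to keep templates static and pass user data only as locals.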
▬ Contents of this video ▬▬▬▬▬▬▬▬▬▬
0:00 - Intro
0:53 - What are Injection flaws?
1:45 - Example of template Injection
2:15 - What is Server-Side Template Injection?
2:54 - Impact of Server-side Template Injection (SSTI)
4:20 - Interactive Appsec Lab
4:39 - Using Pug (templating system)
6:38 - Tplmap tool usage
AppSecEngineer is a powerful training platform that delivers amazing hands-on training on #AppSec, AWS Security, Cloud Security, Kubernetes, Container Security and Advanced Application Security.
#AppSecEngineer is ideal for job seekers, knowledge seekers and companies that want to get their workforce equipped to handle real-world security issues with their newly minted and highly educated AppSec Engineers.
Learn more about our AppSec courses: https://appsecengineer.com/application-security-courses/
Twitter: https://twitter.com/AppSecEngineer
LinkedIn: https://www.linkedin.com/company/appsecengineer/
...
https://www.youtube.com/watch?v=-DsPlEG33EE