Discover and read the best of Twitter Threads about #webappsec

Most recent (2)

#SecurityExplained S-59: Ruby ERB SSTI

[1/n 🧵]
Server-Side Template Injection (SSTI) vulnerabilities occur when user-supplied data is inserted into a template and insecurely evaluated as an expression by the template engine.

#appsec #bugbountytips

[2/n]
This may allow an attacker to trick the template engine into evaluating an expression that could allow the attacker to execute system commands or get a shell.
To look for a template injection vulnerability, it is essential to enumerate and know whether a template engine is in use.

[3/n]
If the application uses a template engine, the next thing is to know what language-based template injection is used and which classes and methods are accessible that could be chained together to perform the desired action.
#securityexplained S-32: Account Takeover Methodologies

[1/n]
A thread on my Account Takeover Methodologies 🧵

#appsec #infosec #webappsec #bugbountytips #bugbounty #hacking #Coding #security #development #securecoding #learn365 #securityexplained

[2/n]
An account takeover usually refers to gaining persistent access to the victim user's account and performing all the authenticated actions that the victim would be able to perform. The severity of account takeover issues is usually considered between High and Critical.

[3/n]
However, it also depends upon the complexity and likelihood of the attack.
In general, account takeover is not a "vulnerability class" in itself but the impact of a vulnerability.
