3. Template Engines are:
1. Widely used by web applications for dynamically generating data.
2. These data are generated through web pages or emails.
4. What is Server Side Template Injection??
1. We are able to inject some malicious piece of code through the improper/unsafe embedded input
into the templates used
2. This may result into the execution of commands at the server side
5. What is the first step towards detecting an
SSTI?
16. Mitigations
1. Executing users’ code in a sandboxed environment to lower the risk
2. Sandboxing inside a locked down Docker container
3. Validation of input field is always one way to avoid any malicious user to enter any unethical code