Hackfest 2020


Philippe Arteau

Philippe is a security researcher working for GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely used Java static analysis tool OWASP Find Security Bugs (FSB). He built many plugins for Burp and ZAP proxy tools: Retire.js, Reissue Request Scripter, CSP Auditor and many others. Philippe has presented at several conferences including Black Hat Arsenal, SecTor, AppSec USA, ATLSecCon, NorthSec, and 44CON.


Your Twitter account or other social network

https://twitter.com/h3xstream

Which country are you from?

Canada


Session

Nov. 20
12:00
120 minutes
Template Injection in Action
Philippe Arteau

Template engines are libraries mainly used to design views for web applications. They simplify common design tasks for developers, but they may introduce new risks when used improperly. Template injection is a vulnerability class that emerged in 2016. Exploiting this type of issue requires specific knowledge of the template library or programming language being used; knowing only the vulnerability basics is often insufficient to be effective. For these reasons, we are proposing a practical workshop with a special focus on template injection vulnerabilities. The training covers various template engines in the context of different programming languages (PHP, Python and Java) and explores how to successfully exploit them.

This workshop is a unique opportunity to have live access to vulnerable applications. Participants will receive a complete introduction to template injection and step-by-step instructions on how to attack each exercise.

Offensive
Hackfest - Track 1