CTF as a developer (Pt. 1): Template engines & SSTI
· 8 min read
Being a software developer is a responsibility, it’s a job where we provide secure and stable services and infrastructure to users who trust us (or trust regulations that ensure we are trustworthy).
To learn more about cybersecurity principles, and why some “best practices” matter, I decided to play some CTF challenges instead of only relying on reading articles and scrolling into OWASP top 10’s documentation.
My beginning was with HackTheBox. For some reason, some of the challenges I did had Server-side Template Injection (SSTI) vulnerabilities which I’m starting this blog series with.