Add 4.8.19 Server-Side Template Injection SSTI (OTG-INPVAL-019)

OWASP / wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

https://owasp.org/www-project-web-security-testing-guide/

Creative Commons Attribution Share Alike 4.0 International

7.29k stars 1.32k forks source link

Add 4.8.19 Server-Side Template Injection SSTI (OTG-INPVAL-019) #64

Closed jzold closed 5 years ago

jzold commented 5 years ago

New content proposed for the input validation section of OWASP

Please let me know your thoughts

Thanks J./

ManhNho commented 5 years ago

I will handle this test case next week

jzold commented 5 years ago

Thanks @ManhNho :)

jzold commented 5 years ago

hi @ManhNho any progress on this one?

Thanks J./

ThunderSon commented 5 years ago

@jzold what proposed content is being discussed in this issue? Or are you talking in general? The issue feels like it could have a better description.

jzold commented 5 years ago

@ThunderSon this is new content proposed to the OWASP document - I think the description is clear enough: 'Add 4.8.19 Server-Side Template Injection SSTI (OTG-INPVAL-019)'

any other questions please let me know

J./

ThunderSon commented 5 years ago

Oh! Forgive me, I thought you were amending an existing section. Do you have any references that you'll be following? I can say it'd be safe for you to tackle it if you feel like you have the time for it, as I don't see any PR or extra document in @ManhNho 's fork.

jzold commented 5 years ago

the action is with @ManhNho at this stage let's wait his feedback for now - just because there is nothing in his fork he might still be working on the draft somewhere outside of GitHub.

@ManhNho please confirm

Thanks J./