A $10,000 security bug: Identify, exploit and effectively fix SSTI

28/01/2022

in 2016, Uber paid out $10,000 for a security bug that could result into RCE. In this live workshop, we will learn how to identify, write security tests, exploit and effectively fix this severe bug across in TypeScript, Go and Python.

Labs:

SSTI in TypeScript
SSTI in Python
SSTI in Go

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.