Room for Escape - Scribbling Outside the Lines of Template Security
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a Black Hat conference talk that delves into the security vulnerabilities of Content Management Systems (CMS) and collaboration platforms. Learn about the potential risks associated with template engines, safe mode attacks, and object data sources. Discover how attackers can exploit design mode, web configurations, and unsafe deserialization in popular platforms like SharePoint. Gain insights into template API analysis, object dumpster diving, and time-of-use problems. Understand the importance of proper security measures in digital communication and collaboration tools through real-world examples and attack demonstrations. Equip yourself with knowledge to better protect your organization's content pipelines and workforce collaboration platforms.
Syllabus
Introduction
Security Basics
Page Filter
Server Side Components
Safe Mode
Safe Mode Attacks
Object Data Source
Validation Key
Content Management System
Access to Resources
Design Mode
Web Config
Safe Control List
MicroView Control
Side Page
Example
Attack Demo
Unsafe Deserialization
Vulnerability in SharePoint Server
Time of Use Problems
Web Part Editing
Verify Control
Template Engines
Template API
Analysis
Object Dumpster Diving
FreeMarker
Summary
QA Announcement
Taught by
Black Hat