At the end of successfully completing this challenges series, you will be able to:
Identify parsing weakness in applications that use templating engines and parsing frameworks, which developers assume such framework would take care of malicious injection attacks
Test and play with emerging attack payloads that target templating engines and parsing frameworks.
Able to re-use framework-specific payloads to bypass WAFs whose vendors may not have thought of covering third-party frameworks payloads.
With the popularity of templating engines and parsers, plain old attack payloads may be neutralized or may still work depending on how an application is developed. In this challenge series, you'll get your hands-on dirty with attacking applications with some of the most popular parsing frameworks.
How to start:
Click on your desired challenge from the left navigation panel.