Server-Side Template Injection (SSTI) is a web vulnerability that can be hard to spot but leads to critical consequences when exploited. While this class of vulnerability has been documented for more than a decade, new research keeps demonstrating that it is not a solved problem. New techniques for finding and exploiting SSTI vulnerabilities took the #1 spot in the 2025 top web security vulnerability rankings.

This presentation will cover how to discover SSTI vulnerabilities (even "blind" ones) and how these can be exploited to gain full code execution on the underlying server. No existing knowledge needed: SSTI's for everyone!
Speakers
Wesley Wineberg

Hacker
Wesley Wineberg is a full-time bug bounty hunter and has over 15 years of experience working in information security. Wes has had various security roles during his career, covering everything from web apps to hardware security, but primarily enjoys the offense side of security.
Monday June 1, 2026 11:40am - 12:30pm PDT
Track 3 - AppSec Track - Room 1420/1430 - Sponsored by Google Cloud Security - Hosted by OWASP 515 W Hastings St, Vancouver, BC V6B 5K3, Canada