17 Feb, 2023

Template Injection

Vulnerability Assessment as a Service (VAaaS)

Tests systems and applications for vulnerabilities to address weaknesses.

Template Injection is a type of security vulnerability that occurs when an attacker is able to inject code into a template file that is processed by a web application. This vulnerability arises when a web application fails to properly sanitize user input that is used to generate dynamic content, such as HTML or other templates. Attackers can exploit this vulnerability to execute arbitrary code on the server, steal sensitive data, or manipulate the behavior of the web application.

Example of vulnerable code on different programming languages:


in PHP:

				
					<?php
  $template = $_GET['template']; // User-controlled input
  include('templates/' . $template . '.php');
?>

				
			


In this PHP code, the include statement is used to include a file based on user-controlled input ($_GET['template']). If the attacker can control the value of template, they can inject malicious code into the included file.

• in Python:

				
					from jinja2 import Template

template_string = request.POST.get('template')
template = Template(template_string)
output = template.render()

				
			


In this Python code, the Jinja2 templating engine is used to render a template based on user input (request.POST.get('template')). If the attacker can control the value of template, they can inject malicious code into the rendered template.

• in Java:

				
					String template = request.getParameter("template");
String result = String.format("Welcome, %s!", template);
out.println(result);

				
			


In this Java code, user input (request.getParameter("template")) is used to construct a string that is output to the user. If the attacker can control the value of template, they can inject malicious code into the constructed string.

Examples of exploitation Template Injection

Retrieving sensitive information:
If a web application is vulnerable to Template Injection, an attacker could inject code into a template that allows them to retrieve sensitive information from the server. For example, an attacker could inject code that reads sensitive data from a file on the server and sends it back to the attacker’s own server.

Executing arbitrary code:
An attacker could inject code into a template that allows them to execute arbitrary code on the server. For example, an attacker could inject code that spawns a shell on the server, allowing the attacker to execute any command they want.

Cross-site scripting (XSS):
If a web application is vulnerable to Template Injection, an attacker could inject code into a template that allows them to execute a cross-site scripting (XSS) attack. For example, an attacker could inject code that steals user credentials or redirects the user to a malicious website.

Denial of service (DoS):
An attacker could inject code into a template that causes the web application to crash or become unresponsive, leading to a denial of service (DoS) attack. For example, an attacker could inject code that creates an infinite loop, consuming server resources and causing the application to become unresponsive.

Privilege escalation techniques for Template Injection

Exploiting a vulnerability in the underlying operating system or web application framework:
If an attacker is able to execute arbitrary code on the server through a Template Injection vulnerability, they may be able to identify and exploit other vulnerabilities in the underlying operating system or web application framework to gain escalated privileges.

Accessing sensitive configuration files:
An attacker could use a Template Injection vulnerability to access and modify sensitive configuration files on the server, such as the configuration file for a database or web server. By modifying these files, the attacker may be able to gain escalated privileges.

Accessing other user accounts:
If the web application runs as a privileged user or service account, an attacker could use a Template Injection vulnerability to access or modify other user accounts on the system, potentially gaining escalated privileges.

Exploiting weak file permissions:
If the file permissions on the web application or its associated files are weak, an attacker may be able to modify critical files on the server, such as those related to user authentication or authorization. By modifying these files, the attacker could gain escalated privileges.

General methodology and checklist for Template Injection

Methodology:

  1. Identify the templating engine: The first step in testing for Template Injection vulnerabilities is to identify the templating engine being used by the web application. Some common templating engines include Twig, Jinja2, and Smarty.

  2. Understand the syntax and behavior of the templating engine: Once the templating engine has been identified, it’s important to understand the syntax and behavior of the engine. This can be done by reading the documentation and experimenting with the templating language to see how it handles user input.

  3. Identify points of user input: The next step is to identify points in the web application where user input is being used to generate dynamic content. This could include form inputs, query parameters, or cookies.

  4. Test for injection: Once points of user input have been identified, it’s important to test these inputs for injection vulnerabilities. This can be done by injecting code into the input and observing the resulting output to see if the injected code is executed.

  5. Test for context-specific filters: Many templating engines include filters or other mechanisms for escaping user input in specific contexts. It’s important to test for the presence of these filters and ensure that they are being used correctly to prevent injection vulnerabilities.

  6. Automate testing: Testing for Template Injection vulnerabilities can be a time-consuming process, especially for large or complex web applications. It can be helpful to use automated tools such as static analysis tools or vulnerability scanners to assist with the testing process.

  7. Validate findings: Once potential vulnerabilities have been identified, it’s important to validate the findings by attempting to exploit the vulnerability and verifying that it can be used to execute arbitrary code or access sensitive information.

Checklist:

  1. Identify the templating engine: Determine which templating engine is being used by the web application, such as Twig, Jinja2, or Smarty.

  2. Understand the templating engine syntax: Gain an understanding of the templating engine’s syntax and how it works by reviewing the documentation or experimenting with the language.

  3. Identify points of user input: Identify any areas where user input is used to generate dynamic content, such as form inputs, query parameters, or cookies.

  4. Test for injection: Attempt to inject code into these areas of user input and observe the resulting output to see if the injected code is executed.

  5. Test for context-specific filters: Determine if the templating engine has any built-in filters or other mechanisms for escaping user input in specific contexts, and ensure that they are being used correctly to prevent injection vulnerabilities.

  6. Check for other security measures: Verify that other security measures, such as input validation and output encoding, are being used to prevent injection attacks.

  7. Use automated tools: Consider using automated tools, such as static analysis tools or vulnerability scanners, to assist in the testing process and identify potential vulnerabilities.

  8. Verify findings: Attempt to exploit any potential vulnerabilities that are identified to verify that they can be used to execute arbitrary code or access sensitive information.

  9. Check for privilege escalation: Look for potential methods of privilege escalation that could be used to escalate access on the server, such as accessing sensitive configuration files or modifying file permissions.

  10. Regularly retest: Regularly retest the web application for Template Injection vulnerabilities, as new vulnerabilities may be introduced over time as the application evolves.

Tools set for exploiting Template Injection

Manual tools:

  • Burp Suite: A web application testing tool that can be used to manually test for Template Injection vulnerabilities. It includes an intercepting proxy and a variety of other features for manual testing.

  • OWASP ZAP: An open-source web application security testing tool that can be used to manually test for Template Injection vulnerabilities. It includes a variety of features for manual testing, such as an intercepting proxy and a variety of scanners.

  • Postman: A popular API testing tool that can be used to manually test for Template Injection vulnerabilities in API endpoints. It includes a variety of features for manual testing, such as sending HTTP requests and inspecting responses.

  • Insomnia: Another popular API testing tool that can be used to manually test for Template Injection vulnerabilities in API endpoints. It includes a variety of features for manual testing, such as sending HTTP requests and inspecting responses.

  • Python requests library: A popular Python library that can be used to manually test for Template Injection vulnerabilities in web applications. It includes features for sending HTTP requests and inspecting responses.

Automated tools:

  • tplmap: An open-source tool for automatically testing for Template Injection vulnerabilities in web applications. It includes a variety of features for automatically identifying and exploiting Template Injection vulnerabilities.

  • Commix: An open-source tool for automatically testing for a variety of injection vulnerabilities in web applications, including Template Injection. It includes a variety of features for automatically identifying and exploiting injection vulnerabilities.

  • sqlmap: An open-source tool for automatically testing for SQL injection vulnerabilities in web applications, but also has a feature for identifying and exploiting Template Injection vulnerabilities.

  • XSStrike: An open-source tool for automatically testing for a variety of web application vulnerabilities, including Template Injection. It includes a variety of features for automatically identifying and exploiting injection vulnerabilities.

  • Skipfish: An open-source web application security testing tool that can automatically identify a variety of web application vulnerabilities, including Template Injection.

  • Vega: An open-source web application security testing tool that can automatically identify a variety of web application vulnerabilities, including Template Injection.

  • Nikto: An open-source web server scanner that can be used to automatically identify a variety of web application vulnerabilities, including Template Injection.

  • Arachni: An open-source web application security testing tool that can automatically identify a variety of web application vulnerabilities, including Template Injection.

  • Grabber: An open-source web application scanner that can be used to automatically identify a variety of web application vulnerabilities, including Template Injection.

  • Acunetix: A commercial web application scanner that can automatically identify a variety of web application vulnerabilities, including Template Injection.

  • AppScan: A commercial web application scanner that can automatically identify a variety of web application vulnerabilities, including Template Injection.

  • Netsparker: A commercial web application scanner that can automatically identify a variety of web application vulnerabilities, including Template Injection.

Browser plugins:

  • Hackbar: A browser plugin for Firefox that can be used to manually test for Template Injection vulnerabilities by injecting custom payloads.

  • Tamper Data: A browser plugin for Firefox that can be used to manually test for Template Injection vulnerabilities by intercepting and modifying HTTP requests and responses.

  • Web Developer: A browser plugin for Firefox and Chrome that includes a variety of features for testing web applications, including the ability to modify HTTP requests and responses.

  • Burp Suite Proxy: A browser plugin for Chrome that integrates the Burp Suite intercepting proxy directly into the browser.

  • OWASP ZAP Proxy: A browser plugin for Firefox that integrates the OWASP ZAP intercepting proxy directly into the browser.

Average CVSS score of stack Template Injection

The Common Vulnerability Scoring System (CVSS) score for a Template Injection vulnerability can vary depending on the specific context and severity of the vulnerability. However, Template Injection vulnerabilities are generally considered to be high or critical severity vulnerabilities.

According to the National Vulnerability Database (NVD), the average CVSS score for Template Injection vulnerabilities is currently 7.5 out of 10, which is considered a high-severity vulnerability. However, it’s important to note that the CVSS score can vary depending on the specific details of the vulnerability, such as the type of template engine being used, the extent of the injection, and the potential impact on the system.

It’s also worth noting that CVSS is just one way to assess the severity of a vulnerability, and it’s important to consider other factors such as the likelihood of exploitation and the potential impact to the organization when assessing the overall risk of a vulnerability.

The Common Weakness Enumeration (CWE)

CWE-94: Improper Control of Generation of Code (‘Code Injection’) This CWE is related to the generation of code by an application in an unsafe manner, which can lead to code injection attacks. When an application allows untrusted user input to influence the generated code, an attacker can inject malicious code into the application’s code stream and execute it. This can lead to a variety of attacks, including data theft, privilege escalation, and remote code execution.

CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) This CWE is related to PHP applications that use the include/require statement to import external code. When an attacker can control the filename that is passed to the include/require statement, they can inject their own code into the application and execute it. This can lead to a range of attacks, including data theft, privilege escalation, and remote code execution.

CWE-116: Improper Encoding or Escaping of Output This CWE is related to the output of data from an application that is not properly encoded or escaped. When an application fails to properly encode or escape user input that is displayed in the application’s output, an attacker can inject malicious code into the output and execute it. This can lead to a range of attacks, including cross-site scripting (XSS) attacks and data theft.

CWE-118: Improper Access of Indexable Resource (‘Range Error’) This CWE is related to applications that access indexable resources, such as arrays or strings, in an unsafe manner. When an application allows untrusted user input to influence the index values of these resources, an attacker can cause the application to read or write data outside the bounds of the resource. This can lead to a range of attacks, including data theft, privilege escalation, and remote code execution.

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer This CWE is related to buffer overflow vulnerabilities that can be exploited through Template Injection. When an application fails to properly restrict the operations performed within a memory buffer, an attacker can overwrite adjacent memory locations and execute arbitrary code. This can lead to a range of attacks, including data theft, privilege escalation, and remote code execution.

CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) This CWE is related to buffer overflow vulnerabilities that can be exploited through Template Injection. When an application copies data from an untrusted source into a buffer without first checking the size of the data, an attacker can overwrite adjacent memory locations and execute arbitrary code. This can lead to a range of attacks, including data theft, privilege escalation, and remote code execution.

CWE-123: Write-what-where Condition This CWE is related to applications that write data to a memory location that they should not have access to. When an application writes data to an arbitrary memory location, an attacker can modify critical data or execute arbitrary code. This can lead to a range of attacks, including data theft, privilege escalation, and remote code execution.

CWE-128: Wrap-around Error This CWE is related to applications that perform calculations using integer values that can wrap around to a negative value, causing unexpected behavior. When an application fails to properly handle wrap-around errors, an attacker can exploit this behavior to modify critical data or execute arbitrary code. This can lead to a range of attacks, including data theft, privilege escalation, and remote code execution.

CWE-129: Improper Validation of Array Index This CWE is related to applications that use an untrusted value to index an array or other data structure. When an application fails to properly validate the index value, an attacker can cause the application

Top 10 CVES related to Template Injection

CVE-2022-4300 – A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some unknown processing of the file /template/edit of the component Template Handler. The manipulation leads to injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214901 was assigned to this vulnerability.

CVE-2022-4282 – A vulnerability was found in SpringBootCMS and classified as critical. Affected by this issue is some unknown functionality of the component Template Management. The manipulation leads to injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214790 is the identifier assigned to this vulnerability.

CVE-2022-42121 – A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted payload injected into a page template’s ‘Name’ field.

CVE-2022-39365 – Pimcore is an open source data and experience management platform. Prior to version 10.5.9, the user controlled twig templates rendering in `Pimcore/Mail` & `ClassDefinition\Layout\Text` is vulnerable to server-side template injection, which could lead to remote code execution. Version 10.5.9 contains a patch for this issue. As a workaround, one may apply the patch manually.

CVE-2022-36799 – This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. In this case the security improvement was to protect against using the XStream library to be able to execute arbitrary code in velocity templates. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.7, and from version 8.21.0 before 8.22.1.

CVE-2022-34771 – Tabit – arbitrary SMS send on Tabits behalf. The resend OTP API of tabit allows an adversary to send messages on tabits behalf to anyone registered on the system – the API receives the parameters: phone number, and CustomMessage, We can use that API to craft malicious messages to any user of the system. In addition, the API probably has some kind of template injection potential. When entering {{OTP}} in the custom message field it is formatted into an OTP.

CVE-2022-34625 – Mealie1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template.

CVE-2022-32101 – kkcms v1.3.7 was discovered to contain a SQL injection vulnerability via the cid parameter at /template/wapian/vlist.php.

CVE-2022-29078 – The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).

CVE-2022-27662 – On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Template Injection exploits

  • {{7*7}}: This is a simple exploit that demonstrates how template injection can be used to execute arbitrary code. In this case, the code being executed is simply a mathematical calculation (49).

  • {{config.items()}}: This exploit retrieves the configuration settings of a target application by calling the ‘items’ function of the config object.

  • {{request.application}}: This exploit retrieves the name of the application being targeted by calling the ‘application’ property of the request object.

  • {% for x in ().class.base.subclasses() %}{{x}}{% endfor %}: This exploit demonstrates how the template engine can be used to iterate over the subclasses of the ‘object’ class in Python, allowing attackers to identify vulnerable targets.

  • {{self.request.class.mro[1].subclasses()}}: This exploit retrieves a list of all the subclasses of the ‘RequestHandler’ class in the Tornado web framework.

  • {{self.class.mro[1].subclasses()}}: This exploit retrieves a list of all the subclasses of the current class in Python.

  • {% import os %}{{os.popen(‘whoami’).read()}}{% endimport %}: This exploit imports the ‘os’ module and runs the ‘whoami’ command to retrieve the username of the current user.

  • {% set cmd = ‘ls’ %} {% set output = execute(cmd) %} {{output}}: This exploit sets a command to be executed (in this case, ‘ls’) and then calls a function called ‘execute’ to run the command and return the output.

  • {{system(‘cat /etc/passwd’)}}: This exploit uses the ‘system’ function to execute a command and return the output. In this case, the command being executed is ‘cat /etc/passwd’, which retrieves the contents of the password file on a Unix-like system.

  • {% for c in [request.form.keys()] %} {{c}} {% endfor %}: This exploit retrieves the names of all the form fields submitted by the user by iterating over the keys of the ‘form’ object in Flask.

Practicing in test for Template Injection

  1. Install an intentionally vulnerable web application like DVIA or OWASP Mutillidae and use a tool like Burp Suite or ZAP to identify instances of Template Injection. Try injecting code and see if it is executed.

  2. Use a vulnerable virtual machine like WebGoat or Metasploitable and try to identify instances of Template Injection by manually browsing the application and looking for areas where user input is used to generate templates.

  3. Create a simple web application that accepts user input and uses a template engine to generate output. Intentionally leave a vulnerability that allows for Template Injection, and then try to exploit the vulnerability yourself by injecting code.

  4. Look for online CTFs or bug bounty programs that offer rewards for finding instances of Template Injection vulnerabilities. These can be a great way to get practice in a more realistic setting.

  5. Read through documentation and tutorials on popular template engines like Jinja2, Smarty, and Twig to understand how they work and what types of vulnerabilities they may be susceptible to.

For study Template Injection

The OWASP Top 10 – A1: Injection:
This is a comprehensive guide to web application security that covers common vulnerabilities including Template Injection.

PortSwigger Web Security Academy:
This free online resource offers a variety of labs and exercises on web application security, including topics like Template Injection.

The Flask Mega-Tutorial:
This is a free online tutorial that covers the Flask web framework in detail, including how to use the Jinja2 template engine and how to avoid common security pitfalls.

The Jinja2 Template Designer Documentation:
This is the official documentation for the Jinja2 template engine, which is commonly used in web applications. It includes a section on security considerations and best practices.

The Twig Template Documentation:
This is the official documentation for the Twig template engine, which is used in many popular PHP frameworks. It includes a section on security and how to avoid vulnerabilities like Template Injection.

The Smarty Template Engine Documentation:
This is the official documentation for the Smarty template engine, which is used in many popular PHP applications. It includes a section on security and how to avoid vulnerabilities like Template Injection.

Security-Focused Code Reviews – A Guide:
This guide from the National Cybersecurity Center of Excellence includes a section on detecting and preventing Template Injection vulnerabilities.

Books with review of Template Injection

“Web Application Vulnerabilities: Detect, Exploit, Prevent” by Steven Palmer: This book covers a variety of web application vulnerabilities, including Template Injection, and provides guidance on how to detect and prevent them.

“Hacking Web Applications: The Art of Hacking Series” by Dafydd Stuttard and Marcus Pinto: This book covers a wide range of web application security topics, including Template Injection and how to exploit it.

“The Tangled Web: A Guide to Securing Modern Web Applications” by Michal Zalewski: This book covers a variety of web application security topics, including common vulnerabilities like Template Injection, and provides guidance on how to defend against them.

“The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws” by Dafydd Stuttard and Marcus Pinto: This book provides an in-depth look at web application security, including a section on Template Injection and how to exploit it.

“Black Hat Python: Python Programming for Hackers and Pentesters” by Justin Seitz: This book covers a variety of topics related to hacking and penetration testing, including how to exploit Template Injection vulnerabilities.

“Gray Hat Python: Python Programming for Hackers and Reverse Engineers” by Justin Seitz: This book covers a variety of advanced hacking and reverse engineering topics, including a section on exploiting Template Injection vulnerabilities.

“Python Web Penetration Testing Cookbook: Over 60 indispensable Python recipes to ensure you always have the right code on hand for web application testing” by Cameron Buchanan: This book provides practical guidance on how to test web applications for vulnerabilities like Template Injection, and includes sample code and scripts.

“Penetration Testing: A Hands-On Introduction to Hacking” by Georgia Weidman: This book provides an introduction to penetration testing, including a section on web application security and common vulnerabilities like Template Injection.

“Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast” by Paco Hope and Ben Walther: This book provides guidance on how to test web applications for security vulnerabilities, including a section on detecting and exploiting Template Injection.

“Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide” by Lee Allen: This book provides an in-depth look at advanced penetration testing techniques, including a section on exploiting Template Injection vulnerabilities.

List of payloads Template Injection

Here are some example payloads that can be used for testing Template Injection vulnerabilities:

  1. {{7*7}}
  2. {{7**7}}
  3. {{config.items()}}
  4. {{os.system(‘id’)}}
  5. {{request.headers}}
  6. {{request.application}}
  7. {{self}}
  8. {{self.request}}
  9. {{self.session}}
  10. {{self.settings}}
  11. {{self.get_secure_cookie(‘admin’)}}
  12. {{self.current_user}}
  13. {{self.application}}
  14. {{self.get_argument(‘password’)}}
  15. {{self.get_body_argument(‘username’)}}
  16. {{self.request.headers}}
  17. {{self.request.uri}}
  18. {{self.request.arguments}}
  19. {{self.request.path}}
  20. {{self.request.method}}

How to be protected from Template Injection

  1. Input validation: Validate user input to ensure that it is of the expected data type and format, and that it does not contain unexpected characters or syntax.

  2. Use a safe templating engine: Use a templating engine that has built-in protections against Template Injection, such as Jinja2, Twig, or Handlebars.

  3. Limit template access: Limit the access that templates have to system resources, and restrict the permissions of the user running the template engine.

  4. Use secure coding practices: Follow secure coding practices, such as input sanitization, output encoding, and access control, to prevent the injection of malicious code.

  5. Keep software up to date: Keep your software and libraries up to date with the latest security patches and updates to prevent known vulnerabilities from being exploited.

  6. Monitor for suspicious activity: Monitor your application for suspicious activity, such as unexpected behavior or unusual traffic patterns, and investigate any potential security threats.

  7. Use a web application firewall: Use a web application firewall that can detect and prevent Template Injection attacks, and configure it to block any suspicious requests.

Mitigations for Template Injection

  1. Input validation: Validate user input to ensure that it is of the expected data type and format, and that it does not contain unexpected characters or syntax.

  2. Use a safe templating engine: Use a templating engine that has built-in protections against Template Injection, such as Jinja2, Twig, or Handlebars.

  3. Input sanitization: Sanitize input data to remove any potentially harmful characters or code, and convert it to a safe format before passing it to the templating engine.

  4. Output encoding: Use output encoding to prevent any user input from being executed as code, and to prevent malicious code from being injected into the response.

  5. Access control: Restrict access to the templating engine and any related resources to only authorized users, and limit the permissions of the user running the templating engine.

  6. Keep software up to date: Keep your software and libraries up to date with the latest security patches and updates to prevent known vulnerabilities from being exploited.

  7. Monitor for suspicious activity: Monitor your application for suspicious activity, such as unexpected behavior or unusual traffic patterns, and investigate any potential security threats.

  8. Use a web application firewall: Use a web application firewall that can detect and prevent Template Injection attacks, and configure it to block any suspicious requests.

Conclusion

Template Injection is a vulnerability that occurs when an attacker is able to inject malicious code into a template engine, which can then be executed as part of the application’s output. This type of vulnerability can lead to serious consequences, including the theft of sensitive data, the execution of arbitrary code, and the takeover of the entire system.

To protect against Template Injection, it’s important to follow secure coding practices, such as input validation, output encoding, and access control, and to use a safe templating engine that has built-in protections against this type of vulnerability. Additionally, it’s important to keep your software up to date with the latest security patches and updates, and to monitor your application for suspicious activity.

Other Services

Ready to secure?

Let's get in touch