Server-Side Request Forgery (SSRF)
A defect where an application fetches an attacker-supplied URL, letting them reach internal services, cloud metadata, or link-local ranges.
InfraGlossary
Page 2 of 2 · 16 terms
Server-Side Template Injection (SSTI)
An injection defect where user input reaches a server-side template engine, letting the attacker evaluate expressions and often escalate to RCE.
InjectionSQL Injection (SQLi)
An injection flaw where attacker-controlled input is concatenated into a SQL statement, letting the attacker read, modify, or exfiltrate database content.
InjectionStatic Application Security Testing (SAST)
White-box analysis that reads source code, bytecode, or IR to flag insecure patterns without executing the application.
AppSecVulnerability Assessment and Penetration Testing (VAPT)
A combined engagement that pairs breadth-first vulnerability scanning with depth-first penetration testing to produce a catalog and a proof set.
AppSecXML External Entity (XXE)
A defect in XML parsers that dereference external entity declarations, letting attackers read local files, trigger SSRF, or exhaust resources.
Injection