secure-code-warrior-for-github[bot]
commented
4 months ago Micro-Learning Topic: OS command injection (Detected by phrase)
Matched on "Command Injection"
In many situations, applications will rely on OS provided functions, scripts, macros and utilities instead of reimplementing them in code. While functions would typically be accessed through a native interface library, the remaining three OS provided features will normally be invoked via the command line or launched as a process. If unsafe inputs are used to construct commands or arguments, it may allow arbitrary OS operations to be performed that can compromise the server.
Try a challenge in Secure Code Warrior
Helpful references
- OWASP Command Injection - OWASP community page with comprehensive information about command injection, and links to various OWASP resources to help detect or prevent it.
- OWASP testing for Command Injection - This article is focused on providing testing techniques for identifying command injection flaws in your applications
Tracking issue for: