|
|
(6 intermediate revisions by 2 users not shown) |
Line 1: |
Line 1: |
− | = WORK IN PROGRESS =
| + | #REDIRECT [[OS_Command_Injection_Defense_Cheat_Sheet]] |
− | | |
− | __NOTOC__
| |
− | <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>
| |
− | | |
− | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| |
− | | valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
| |
− | Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
| |
− | = Introduction =
| |
− | __TOC__{{TOC hidden}}
| |
− | | |
− | This cheat sheet provides some best practice for developers to follow to avoid the risk of [[Command Injection]]<br>
| |
− | | |
− | = Introduction =
| |
− | | |
− | 1) What is Command Injection?
| |
− |
| |
− | 2) Defense against unintentional OS interaction
| |
− |
| |
− | 2a) LFI Local File Inclusion
| |
− | | |
− | 2b) RFI Remote File Inclusion
| |
− |
| |
− | 2c) Code Level injection
| |
− | * ENV variables
| |
− | * code creation
| |
− | | |
− | 3) Safe design for features where OS interaction is intentional
| |
− |
| |
− | 3a) Like safely calling ImageMagik to do image manipulation, etc
| |
− | | |
− | 3b) TBD codegen example?
| |
− | | |
− | 3c) TBD example
| |
− | | |
− | 4) Summary
| |
− | | |
− | TBD takeaway language agnostic approaches list
| |
− | TBD takeway language specific approaches list
| |
− | | |
− | = Details =
| |
− | | |
− | TBD
| |
− | | |
− | = Authors and Primary Editors =
| |
− | | |
− | Jim Manico - jim[at]owasp.org
| |
− | | |
− | Scott Davis - scott_davis[at]rapid7.com
| |
− | | |
− | == Other Cheatsheets ==
| |
− | | |
− | {{Cheatsheet_Navigation_Body}}
| |
− | | |
− | |}
| |
− | | |
− | | |
− | [[Category:Cheatsheets]]
| |