|
|
| (5 intermediate revisions by the same user not shown) |
| Line 1: |
Line 1: |
| − | = WORK IN PROGRESS =
| + | #REDIRECT [[OS_Command_Injection_Defense_Cheat_Sheet]] |
| − | | |
| − | __NOTOC__
| |
| − | <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>
| |
| − | | |
| − | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| |
| − | | valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
| |
| − | Last revision (08/09/16): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
| |
| − | | |
| − | = Introduction =
| |
| − | __TOC__{{TOC hidden}}
| |
| − | | |
| − | This cheat sheet provides some best practice for developers to follow to avoid the risk of [[Command Injection]]<br>
| |
| − | | |
| − | = Introduction =
| |
| − | | |
| − | 1) What is Command Injection?
| |
| − |
| |
| − | 2) Defense against unintentional OS interaction
| |
| − |
| |
| − | 2a) LFI Local File Inclusion
| |
| − | | |
| − | 2b) RFI Remote File Inclusion
| |
| − |
| |
| − | 2c) Code Level injection
| |
| − | * ENV variables
| |
| − | * code creation
| |
| − | | |
| − | 3) Safe design for features where OS interaction is intentional
| |
| − |
| |
| − | 3a) Like safely calling ImageMagik to do image manipulation, etc
| |
| − | | |
| − | 3b) TBD codegen example?
| |
| − | | |
| − | 3c) TBD example
| |
| − | | |
| − | 4) Summary
| |
| − | | |
| − | TBD takeaway language agnostic approaches list
| |
| − | TBD takeway language specific approaches list
| |
| − | | |
| − | = Details =
| |
| − | | |
| − | TBD
| |
| − | | |
| − | = Authors and Primary Editors =
| |
| − | | |
| − | Jim Manico - jim[at]owasp.org
| |
| − | | |
| − | Scott Davis - scott_davis[at]rapid7.com
| |
| − | | |
| − | == Other Cheatsheets ==
| |
| − | | |
| − | {{Cheatsheet_Navigation_Body}}
| |
| − | | |
| − | |}
| |
| − | | |
| − | | |
| − | [[Category:Cheatsheets]]
| |
