This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Command Injection Defense Cheat Sheet

From OWASP
Revision as of 03:22, 9 March 2017 by Jmanico (talk | contribs) (Introduction)

Jump to: navigation, search

WORK IN PROGRESS

Cheatsheets-header.jpg

Last revision (08/09/16): 03/9/2017

Introduction

This cheat sheet provides some best practice for developers to follow to avoid the risk of Command Injection

Introduction

1) What is Command Injection?

2) Defense against unintentional OS interaction

2a) LFI Local File Inclusion

2b) RFI Remote File Inclusion

2c) Code Level injection

  • ENV variables
  • code creation

3) Safe design for features where OS interaction is intentional

3a) Like safely calling ImageMagik to do image manipulation, etc

3b) TBD codegen example?

3c) TBD example

4) Summary

TBD takeaway language agnostic approaches list TBD takeway language specific approaches list

Details

TBD

Authors and Primary Editors

Jim Manico - jim[at]owasp.org

Scott Davis - scott_davis[at]rapid7.com

Other Cheatsheets