Command Injection Defense Cheat Sheet



Last revision (08/09/16)

= Introduction =

This cheat sheet provides best practices for developers to follow to avoid the risk of Command Injection.

= Introduction =

1) What is Command Injection?

2) Defense against unintentional OS interaction
 * 2a) LFI (Local File Inclusion)
 * 2b) RFI (Remote File Inclusion)
 * 2c) Code-level injection
 ** ENV variables
 ** code creation

3) Safe design for features where OS interaction is intentional
 * 3a) e.g. safely calling ImageMagick to do image manipulation
 * 3b) TBD codegen example?
 * 3c) TBD example

4) Summary
 * TBD takeaway: language-agnostic approaches list
 * TBD takeaway: language-specific approaches list
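For item 3a, an added example (not part of this cheat sheet) of the safe-design pattern: the ImageMagick call receives user-controlled values only as allowlist-validated argv elements and is never built as a shell string. UPLOAD_DIR, the filename pattern and MAX_DIM are assumptions made for the example.

```python
import re
import subprocess
from pathlib import PurePosixPath
from typing import List

# Assumed layout for this example: uploads live under UPLOAD_DIR and only
# these filename patterns and sizes are accepted (constructed values).
UPLOAD_DIR = PurePosixPath("/var/app/uploads")
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.(png|jpe?g|gif)$")
MAX_DIM = 4096


def build_convert_argv(filename: str, width: int, height: int) -> List[str]:
    """Validate user-controlled values and return an argv list for
    ImageMagick's `convert`.

    The unsafe shape this replaces is os.system("convert " + filename + ...),
    where shell metacharacters in `filename` start a second command. Here no
    shell is involved at all, and the allowlist additionally keeps path
    traversal and ImageMagick's own special input prefixes (a leading '@',
    or a 'proto:' scheme) out of the argument.
    """
    if not SAFE_NAME.match(filename):
        raise ValueError("filename rejected by allowlist")
    if not (0 < width <= MAX_DIM and 0 < height <= MAX_DIM):
        raise ValueError("dimensions out of range")
    src = UPLOAD_DIR / filename
    dst = UPLOAD_DIR / f"thumb_{filename}"
    # Each argument is its own argv element; the geometry is built from
    # validated integers, never from raw request text.
    return ["convert", str(src), "-resize", f"{width}x{height}", str(dst)]


def make_thumbnail(filename: str, width: int, height: int) -> PurePosixPath:
    """Run the validated command without a shell (no shell=True, no string
    concatenation). A non-zero exit or a hang surfaces as an exception
    instead of being silently ignored."""
    argv = build_convert_argv(filename, width, height)
    subprocess.run(argv, check=True, capture_output=True, timeout=30)
    return PurePosixPath(argv[-1])
```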

= Details =

TBD

= Authors and Primary Editors =

Jim Manico - jim[at]owasp.org

Scott Davis - scott_davis[at]rapid7.com
