handbook/tools/3.Web-Hacking/4.Injection/OS-Commands/Notes/4.Prevent-OS-Command-Injection-Attacks.md


## Prevent OS Command Injection Attacks

- Never call out OS commands from application-layer code
- If unavoidable, do the following:
	- Validate against a whitelist of permitted values
	- Validate that the input is a number
	- Validate that th`
vault backup: 2024-08-31 01:07:21 2024-08-30 23:07:22 +00:00
			`## Prevent OS Command Injection Attacks`

			`- Never call out OS commands from application-layer code`
			`- If unavoidable, do the following:`
			`- Validate against a whitelist of permitted values`
			`- Validate that the input is a number`
			- Validate that th`