handbook/tools/3.Web-Hacking/4.Injection/OS-Commands/Notes/4.Prevent-OS-Command-Injection-Attacks.md at main - x/handbook - Coding everything, everywhere, anytime.

x/handbook

Anton Nesterov af9011411c

vault backup: 2024-08-31 01:07:21

2024-08-31 01:07:22 +02:00

253 B

Raw Permalink Blame History

Prevent OS Command Injection Attacks

Never call out OS commands from application-layer code
If unavoidable, do the following:
- Validate against a whitelist of permitted values
- Validate that the input is a number
- Validate that th`