Command Injection powerpoint v2003

Command Injection
Antonio Paixao

"It is better to ask forgiveness than permission" -- Grace Hopper

Overview

- What is Command Injection?
- Extended Description
- Applicable Platforms
- Time of Introduction
- Common Consequences
- Demonstrative Examples
- Potential Mitigations
- Extra Defensive Measures (get tough)
- Summary

What is Command Injection?

Command injection occurs when untrusted data is placed into data that is passed to some sort of compiler or interpreter, where the data might, if it is formatted in a particular way, be treated as something other than data.

Brute force example

    String user_input;
    Special_function_Sample(user_input);

    user_input = fred;
    Special_function_Sample(fred)

    What if ...

    user_input = fred);print(foo
    Special_function_Sample(fred); print(foo)

Extended Description

Command injection vulnerabilities typically occur when:

- Data enters the application from an untrusted source.
- The data is part of a string that is executed as a command by the application.
- By executing the command, the application gives an attacker a privilege or capability that the attacker would not otherwise have. (huge security breach)

Applicable Platforms...
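The brute force example above, worked through as an added example that is not part of the original slides: it parses, without executing, the code text produced for the slide's two inputs, showing that the second input turns one statement into two, then shows a quoted-literal form and an allow-list check. The helper names and the allow-list policy are assumptions made for illustration.

```python
import ast
import re

# Stand-in name for the slide's Special_function_Sample. Nothing is executed:
# the generated source is only parsed, so the effect on structure is visible.
SINK = "Special_function_Sample"

def build_unsafe(user_input: str) -> str:
    """Vulnerable pattern from the slide: data is pasted into code text."""
    return f"{SINK}({user_input})"

def build_safe(user_input: str) -> str:
    """Hardened form: the data is emitted as a quoted literal (valid for
    Python's grammar), so it remains a single argument."""
    return f"{SINK}({user_input!r})"

def statement_shape(source: str) -> list[str]:
    """Function name called by each top-level statement in the source."""
    shape = []
    for stmt in ast.parse(source).body:
        call = stmt.value if isinstance(stmt, ast.Expr) else None
        if isinstance(call, ast.Call) and isinstance(call.func, ast.Name):
            shape.append(call.func.id)
        else:
            shape.append(type(stmt).__name__)
    return shape

# Assumed policy for this example: short, plain identifiers only.
ALLOWED = re.compile(r"[A-Za-z0-9_]{1,32}")

def is_acceptable(user_input: str) -> bool:
    """Allow-list check applied before the value reaches any interpreter."""
    return ALLOWED.fullmatch(user_input) is not None

if __name__ == "__main__":
    for value in ("fred", "fred);print(foo"):  # the two inputs from the slide
        print(repr(value),
              "allowed" if is_acceptable(value) else "rejected",
              statement_shape(build_unsafe(value)),
              statement_shape(build_safe(value)))
```

A change in the statement count between the benign and the hostile input is the signature of injection: the data has altered the structure of the code rather than only its value.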