Command Injection Flashcards

1
Q

What’s a command injection attack?

A

Occurs when an attacker is able to execute arbitrary system commands on a target host by manipulating input that is passed to a command execution environment.

2
Q

When do command injection vulnerabilities typically arise?

A

When user-supplied data is not properly validated or sanitized before being used to construct a command for execution.

3
Q

What are the potential consequences of command injection?

A

Unauthorized access, data theft, system compromise, or even remote code execution.

4
Q

How are command injection attacks prevented and mitigated?

A
  • Input Validation and Sanitization
    • Ensure that all user-supplied input is properly validated and sanitized before it is used in command execution.
  • Avoid Shell Interpolation
    • Rather than interpolating user input directly into system commands, use parameterized or prepared statements so that user input is kept separate from command execution.
  • Whitelist Input
    • Validate input against a whitelist of allowed characters or patterns, rejecting any input that deviates from the expected values.
  • Input Encoding
    • Apply proper input encoding to mitigate the impact of special characters that may be interpreted by the command shell.
  • Principle of Least Privilege
  • Regular Security Testing