Secure Coding Best Practices

Avoid OS Command Injection Attacks

On-Demand Webinar

Command injection attacks execute arbitrary commands on a host operating system using the privileges of vulnerable applications. The hacker introduces operating system commands via user-supplied data such as cookies or forms. These attacks are only possible because of inadequate input validation.

Learn best practices that will protect your websites. In this webinar, Zach Jones, senior manager for static code analysis from WhiteHat Security’s Threat Research Center, shows you with real-world examples how command injection attacks work and how you can prevent them.

In this webinar we will:

  • Provide examples of vulnerable code
  • Give analysis on the types of application/functionality/languages where the vulnerability is commonly found
  • Explain why web interfaces must be sanitized
  • Demonstrate the attack on a sample app and web server
  • Discuss remediation strategies

WhiteHat Security has extensive experience working with customers to identify and fix the latest web application vulnerabilities. Join us to gain a deeper understanding of common web application vulnerabilities, get expert technical advice on defensive tactics, and learn best practices to safeguard your apps from being exploited.

Upcoming topics for WhiteHat Secure Coding webinars will include:

  • Denial of Service (Availability.Stream.Readline, Availability.Stream.Readfile, Availability.Regex.Dos)
  • Application Misconfiguration (Error.Information.Disclosure, Error.Handler.Global)
  • Unpatched Library

Zach Jones

Sr. Manager - TRC Static Code Analysis
WhiteHat Security