Introduction to OS Command Injections

Description: In this course, we explore OS Command Injections all the way from concepts to practice. OS Command Injections are part of the OWASP Top 10 Web Application Security Risks, and as you will see in this course, this threat can result in serious damage if left unchecked. We start the course by setting up safe and legal lab environments to pentest against, because we will be taking a hands-on approach to learning. After our environments are ready, we go over the core concepts of OS Command Injections. Then, we apply those concepts hands-on by performing manual and automated attacks against vulnerable applications. Finally, we conclude the course by learning how to protect our apps with security controls and defensive mechanisms recommended by experts.

Duration: 1 hour 15 minutes

Difficulty: Beginner to Intermediate

Recommended pre-requisites:

  • Experience working with web applications
  • Experience with OS commands (Linux or Windows)

Topics Covered:

  • Explore the threat of OS Command Injections as listed by OWASP in their Top 10 web risks (Injections)
  • Follow along as we attack applications legally & safely
  • Learn defensive controls that can be applied to your applications

Christophe · September 14, 2020