Injection flaws enable attackers to execute unauthorized commands within web applications and on the back-end infrastructure. In this video, learn how to test for injection flaws.
- [Instructor] The most significant risks in the OWASP Top 10 list are injection flaws. When an attacker sends untrusted data to a backend interpreter, something like an OS command line interpreter or a database or an LDAP directory, that interpreter has to decide what to do with that data. The only problem is that interpreters can't decide. That's not their job. If they receive a command, they're going to act on it. That's why it's so important for developers to make sure that the only commands that actually make it to those interpreters … Attackers seeking to exploit injection flaws are going to go after any and every part of the application that looks like it interacts with an interpreter on the backend. Common attack vectors include environment variables, application parameters, web services, and even the users themselves. If an application allows users to enter data, and let's face it, most of them do, then they're at risk. Developers can only control so much.
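The point above, that an interpreter simply acts on whatever command text reaches it, is easiest to see with a database lookup written two ways. This is an added example, not code from the course; it uses a constructed in-memory SQLite table and the hypothetical functions `lookup_vulnerable` and `lookup_parameterized`.

```python
import sqlite3

# Constructed sample rows for the demonstration (not from the course).
USERS = [("alice", "alice@example.test"), ("bob", "bob@example.test")]


def _connect() -> sqlite3.Connection:
    """Create a throwaway in-memory database seeded with USERS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_vulnerable(name: str) -> list:
    """Untrusted input is pasted into the SQL text itself, so the database
    interpreter receives whatever the user typed as part of the command.
    A value containing a quote changes the shape of the WHERE clause."""
    conn = _connect()
    query = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(name: str) -> list:
    """The command is fixed at development time; the input travels to the
    interpreter separately as a bound parameter, so it can only ever be
    compared as a value and never becomes part of the command."""
    conn = _connect()
    query = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def rows_beyond_expected(lookup, benign: str, probe: str) -> bool:
    """Simple test-harness check: an input that is not a real user name
    should never return more rows than the benign lookup does. Returns
    True when the lookup under test leaks extra rows for the probe."""
    return len(lookup(probe)) > len(lookup(benign))
```

Running `rows_beyond_expected` against both functions with a quote-bearing probe shows the string-built query returning every row while the parameterized query returns none.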