Command injection vulnerabilities take advantage of the fact that instructions and data are often mixed within programs. This course demonstrates how command injection vulnerabilities can be exploited by an attacker, what to look out for and how to write code that is immune to this type of attack.
Introduction to Command InjectionDuration: 1:40
This video provides an introduction to the command injection course.
Introduction to DataDuration: 6:23
This video covers the fundamentals of how data and code are handled in many execution environments.
Command InjectionDuration: 5:26
This video describes how command injection vulnerabilities can make an application vulnerable to attack.
Command Injection ExploitationDuration: 4:08
This video describes how command injection vulnerabilities can be exploited by an attacker.
Command Injection Case StudyDuration: 4:34
This video describes a case study of an application vulnerable to command injection.
Command Injection MitigationsDuration: 9:49
This video describes mitigations for command injection vulnerabilities.
Command Injection DemoDuration: 7:42
This video demonstrates exploitation of a command injection vulnerability.
Meet the author
Howard Poston is a cybersecurity researcher with a background in blockchain, cryptography and malware analysis. He has a master's degree in Cyber Operations from the Air Force Institute of Technology and two years of experience in cybersecurity research and development at Sandia National Labs. He currently works as a freelance consultant providing training and content creation for cyber and blockchain security. He can be reached by email at firstname.lastname@example.org or via his website at https://www.howardposton.com.
You're in good company
"Comparing Infosec to other vendors is like comparing apples to oranges. My instructor was hands-down the best I’ve had."
"I knew Infosec could tell me what to expect on the exam and what topics to focus on most."
"I’ve taken five boot camps with Infosec and all my instructors have been great."