
Specialized Testing: Command Injection


Michael Edie

1:02:28

  • 1. Course Overview.mp4
    01:16
  • 1. Introduction.mp4
    02:01
  • 2. Shell Metacharacters.mp4
    04:08
  • 3. Anatomy of an Attack.mp4
    04:56
  • 1. Demo - Code Review.mp4
    05:14
  • 2. Demo - Finding Entry Points.mp4
    04:17
  • 3. Demo - Manual Testing.mp4
    10:54
  • 4. Demo - Automated Testing.mp4
    07:26
  • 1. Input Sanitization and Validation.mp4
    06:19
  • 2. Principle of Least Privilege.mp4
    03:36
  • 3. Using Technical Controls.mp4
    03:05
  • 4. Demo - Implementing Mitigations.mp4
    09:16
  • Description


    Poor web application security hygiene can lead to total network compromise. This course will teach you to identify the vectors and techniques threat actors use to gain access to networks and systems using command injection.

    What You'll Learn?


      According to the globally recognized Open Web Application Security Project (OWASP), command injection is among the top three critical web application vulnerabilities that allow attackers to gain control over systems, where they can attack infrastructure, steal information, and carry out many other malicious actions. In this course, Specialized Testing: Command Injection, you’ll learn to identify, test, and mitigate vectors and techniques threat actors use to perform command injection. First, you’ll explore the mechanics of command injection. Next, you’ll discover how to find and test vulnerable web application entry points for command injection. Finally, you’ll learn how to deploy mitigation strategies. When you’re finished with this course, you’ll have the skills and knowledge of testing for command injection needed to audit web applications.

    Michael Edie
    Michael Edie, aka “the mechanic,” is a 23-year US Army Veteran and Information Security Engineer. He currently serves as a Technical Lead in a Cyber Operations Organization and President of the Augusta Information Systems Security Association (ISSA) chapter. Previously, he has served on Digital Forensics and Incident Response (DFIR), threat hunt, and compliance inspection teams. Michael is passionate about Information Security and enjoys contributing to the community through his blog at https://blog.edie.io and projects at https://github.com/tankmek. He is the Executive Director and Co-Founder of smashthestack.org, a software vulnerability and exploitation educational platform. Additionally, Michael has volunteered to speak at local nonprofits such as the Cyber Discovery Group (CDG) and NERD Nights. Outside the technical domain, he enjoys spending time with his wife and kids, motorcycling, cryptocurrency, and chess.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 12
    • Duration: 1:02:28
    • Level: advanced
    • English subtitles: yes
    • Release date: 2023/08/01
