Lesson 3: Command Injection

Command Injection is a technique to take advantage of a website that is accessing the command prompt to answer the user's queries. We will learn how to perform basic Command Injection, How to protect ourselves by adopting various techniques, and lastly test ourselves to see if we have grasped the concept of Command Injection or not.

Links in the video: A note about shell commands in Python - https://docs.python.org/2/library/subprocess.html#frequently-used-arguments A guide to shell commands in Ruby - http://tech.natemurray.com/2007/03/ruby-shell-commands.html Command injection in Ruby - http://gavinmiller.io/2015/fixing-command-injection-vulnerabilities/ Command injection in Node - http://ckarande.gitbooks.io/owasp-nodegoat-tutorial/content/tutorial/a1_-_server_side_js_injection.html