Chapter 7: Validating (Data) Inputs – Part 2

In Chapter 7, we continue with input validation. We start with code injection, which lets an attacker insert their own code into the program, which the program then executes. We then look at command injection, which abuses pre-existing functionality to run commands, typically in the context of a shell. Next, we discuss server-side template injection (SSTI), in which user input is inserted unsafely into a template, resulting in remote code execution on the server. Lastly, we cover Server-Side Request Forgery (SSRF), which abuses server-side functionality to read or alter internal resources.

In this chapter, we will cover the following recipes:

  • Testing for code injection
  • Testing for command ...
