Specialized Testing: Command Injection
by Michael Edie
Poor web application security hygiene can lead to total network compromise. This course will teach you to identify the vectors and techniques threat actors use to gain access to networks and systems using command injection.
What you'll learn
According to the globally recognized Open Web Application Security Project (OWASP), command injection is among the top three critical web application vulnerabilities that allow attackers to gain control over systems where they can attack infrastructure, steal information, and many other malicious actions. In this course, Specialized Testing: Command Injection, you’ll learn to identify, test, and mitigate vectors and techniques threat actors use to perform command injection. First, you’ll explore the mechanics of command injection. Next, you’ll discover how to find and test vulnerable web application entry points for command injection. Finally, you’ll learn how to deploy mitigation strategies. When you’re finished with this course, you’ll have the skills and knowledge of testing for command injection needed to audit web applications.
About the author
Michael is a Senior Security Consultant with 10+ years of experience in the public and private sectors. He is a proactive and iterative cyber threat hunter specializing in detection engineering, DFIR, and automation. Michael has led teams and directed collaborative efforts to develop and implement strategies for mitigating evolving threat trends. He is the Founder and Principal Consultant of Sawbox Consulting, where he identifies and resolves security issues, implements solutions and evaluates s... moreecurity systems for clients. Additionally, he serves as the Executive Director and Co-Founder of SmashTheStack, a prominent educational platform focused on ethical hacking. Michael's role as a Cybersecurity Author at Pluralsight exemplifies his dedication to sharing knowledge. His commitment to advancing the security industry is further demonstrated through his engaging technical presentations at security events like BSIDES, ISSA, and Hacker Halted. Michael’s ability to effectively communicate complex security concepts and share his expertise with others has made him a sought-after speaker in the cybersecurity community. By sharing his extensive knowledge and insights, Michael empowers fellow professionals and enthusiasts to stay informed, embrace innovation, and elevate their security practices. Beyond work, he volunteers to support youth cyber education through CyberPatriot. Connect with him today to experience his expertise and passion firsthand.