Common Problems
Shell Escapes
- Programs often need to call an external program to perform an operation that would be difficult to implement directly, such as a search or a complex processing function. If the user-supplied arguments are not strictly filtered, users may be able to execute arbitrary commands on the server.
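As an added example (not from the original page), the two ways a web script might hand a user-supplied search term to an external program: the pattern the bullet warns about, and a hardened form that validates the term and never lets a shell parse it. The search feature, the use of `grep`, and the sample log lines are assumptions for illustration.

```python
"""Calling an external search program from a web handler: unsafe vs. hardened.

Added example, not from the original page. The "search" feature, the use of
the grep binary and the sample data below are assumptions for illustration.
"""
import os
import re
import subprocess
import tempfile

# Constructed sample data standing in for a file the web application searches.
SAMPLE_LINES = ["alice logged in", "bob failed login", "alice logged out"]

# Allow only the characters a legitimate search term needs. Anything else
# (shell metacharacters, quotes, whitespace, newlines) is rejected outright
# rather than escaped, which is far easier to get right.
_TERM_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def validate_term(term: str) -> bool:
    """Return True only if the user-supplied term is a plain token."""
    return bool(_TERM_RE.fullmatch(term))


def search_unsafe(term: str, path: str) -> str:
    """The problem the page describes: user text is spliced into a command
    string that a shell interprets, so shell syntax in `term` becomes part of
    the command. Shown for contrast only; never use with untrusted input."""
    return subprocess.check_output(f"grep -c {term} {path}", shell=True, text=True)


def search_safe(term: str, path: str) -> int:
    """Hardened form: validate first, then pass arguments as a list so no
    shell is involved. Returns the number of matching lines."""
    if not validate_term(term):
        raise ValueError("rejected search term")
    # "--" ends option parsing so a term beginning with '-' cannot become a flag.
    proc = subprocess.run(["grep", "-c", "--", term, path],
                          capture_output=True, text=True, check=False)
    if proc.returncode not in (0, 1):  # grep returns 1 for "no matches"
        raise RuntimeError(proc.stderr.strip())
    return int(proc.stdout.strip())


def demo() -> int:
    """Write the constructed sample lines to a temp file and search it safely."""
    with tempfile.NamedTemporaryFile("w", suffix=".log", delete=False) as fh:
        fh.write("\n".join(SAMPLE_LINES) + "\n")
    try:
        return search_safe("alice", fh.name)  # returns 2
    finally:
        os.unlink(fh.name)
```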
Authentication Passing
- Scripts have a difficult time passing authentication between screens, given the disconnected (stateless) nature of the web over HTTP. Authentication information is often passed in form arguments or URL strings, which exposes it to disclosure or tampering.