Re: web application call executable code to serve client req
- From: comphelp@xxxxxxxxx (Todd H.)
- Date: 14 Dec 2006 03:42:49 -0600
vincente13@xxxxxxxxx writes:
> Todd H. wrote:
>> There certainly could be.
>> You'll want to scrub the daylights out of any user-supplied
>> data/arguments being passed to that executable via any form to make
>> sure you don't allow the "execute this" web request to allow users to
>> run arbitrary commands on the system.
>> And if it's taking arguments supplied by the user, you'll also want to
>> make sure there aren't any buffer overflow vulnerabilities in that
>> application via the command line arguments.
>
> Would take note of that, and are there any articles regarding these issues
> on the Internet I can refer to?

Hunt down the OWASP Project and the OWASP Guide, Open Web Application
Security Project.
http://www.owasp.org/index.php/Guide_Table_of_Contents
Chapters 6, 15 and 21 will be of most
interest to your work.
--
Todd H.
http://www.toddh.net/
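
The advice in this post, as an added example that is not part of the original message: a web handler validates form parameters against an allow-list with a length cap, then runs the executable with an argument vector and no shell. The parameter names (`name`, `year`), the patterns and the stand-in helper program are assumptions made for illustration.

```python
import re
import subprocess
import sys

# Assumption: the real executable takes a report name and a four-digit year.
# The Python interpreter stands in for it here so the example runs anywhere;
# the stand-in just echoes the arguments it received.
HELPER = [sys.executable, "-c", "import sys; print('|'.join(sys.argv[1:]))"]

# Allow-list patterns: state what is permitted instead of listing bad
# characters. The length cap bounds what the helper must copy into buffers.
# Neither pattern admits "-", so a value cannot be read as an option.
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")
YEAR_RE = re.compile(r"(19|20)[0-9]{2}")


def validate(params):
    """Return the cleaned argument list, or raise ValueError."""
    name = params.get("name", "")
    year = params.get("year", "")
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        raise ValueError("name rejected")
    if not isinstance(year, str) or not YEAR_RE.fullmatch(year):
        raise ValueError("year rejected")
    return [name, year]


def run_helper(params):
    """Validate the request parameters, then run the helper without a shell."""
    args = validate(params)
    # A list with shell=False hands each value to the program as one argv
    # entry; no shell parses the data, so ";", "|" or "$()" have no meaning.
    done = subprocess.run(HELPER + args, shell=False, capture_output=True,
                          text=True, timeout=5, check=True)
    return done.stdout.strip()


if __name__ == "__main__":
    print(run_helper({"name": "sales", "year": "2006"}))
    # Constructed sample inputs that must never reach the executable.
    for bad in ({"name": "sales;id", "year": "2006"},
                {"name": "A" * 5000, "year": "2006"},
                {"name": "sales", "year": "2006\n"}):
        try:
            run_helper(bad)
        except ValueError as err:
            print("rejected:", err)
```

Validation in the web layer does not replace bounds checking inside the executable itself, which is the second point the post raises.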