Preventing injection attacks
Injection attacks are one of the top vulnerabilities in any web application but especially in IoT systems. In fact, injection has been rated in the top 2 of the OWASP Top 10 since 2010. There are many types of injection attacks such as operating system (OS) command injection, cross-site scripting (for example, JavaScript injection), SQL injection, log injection, as well as others such as expression language injection. In IoT and embedded systems, the most common types of injection attacks are OS command injection; when an application accepts an untrusted user input and passes that value to perform a shell command without input validation or proper escaping and cross-site scripting (XSS). This recipe will show you how to mitigate command injection attacks by ensuring all untrusted data and user input is validated, sanitized, and alternative safe functions are used.
How to do it...
Command injection vulnerabilities are not difficult to test for statics and dynamics...