Secure Programming Lecture 8: Injection

You should read about the Common Weakness Enumeration and explore some of the hierarchy.

The main CWE site is hosted at cwe.mitre.org
Look at the CWE master plan
See the CWE structures visualised at cveviz.org
See the partial mapping of CVEs to CWEs graphed at nvd.nist.gov.

To find out more about OS command injection vulnerabilities, try to find some recent CVE examples which are classified under CWE-120, and explore how injection could result in command execution.

Home : Teaching : Courses : Sp : 2017

Informatics Forum, 10 Crichton Street, Edinburgh, EH8 9AB, Scotland, UK
Tel: +44 131 651 5661, Fax: +44 131 651 1426, E-mail: school-office@inf.ed.ac.uk
Please contact our webadmin with any comments or corrections. Logging and Cookies
Unless explicitly stated otherwise, all material is copyright © The University of Edinburgh