Lecture 12: Command Injection & Input Validation

This lecture considers how attacker-supplied commands might be executed by a vulnerable application, and examines the particular issue of SQL injection. It then frames these issues as input validation problems, and considers a specific case study: that of URL validation.

This exploration of URL validation looks at how homograph attacks can fool users into accepting invalid URLs, how browsers can be tricked into hiding malicious URLs, and how URLs can be abused to mount directory traversal attacks against web servers.