Overview
Explore the security pitfalls of using exec commands in software integrations through this 24-minute conference talk from BSidesLV. Delve into the reasons developers might choose to run programs directly from their code and the associated security risks, particularly command injection attacks. Examine a real-world case of command injection vulnerability (CVE-2023-39059) in a popular open-source project, learning methods, tools, and techniques for identifying and exploiting such vulnerabilities. Gain insights into detecting and preventing these attacks, understanding how programs interact, and implementing protective measures for software security.
Syllabus
Proving Ground, Tue, Aug 6, 17:00 - Tue, Aug 6, CDT
Taught by
BSidesLV