Command Injection Analyzer
Configuration Name: CmdInjection
Description
The Command Injection analyzer detects command injection vulnerabilities in an API by issuing requests whose parameters carry command-line attack vectors (shell metacharacters and command substitutions such as `;`, `&&`, `|`, `$(...)` and backticks). An API is vulnerable when it does not properly validate, filter, or sanitize an input string before that string reaches an operating-system command or shell, so an attacker can append or substitute commands of their own simply by sending the vector in a request. OWASP lists Injection as API8:2019 in its API Security Top 10 (2019 edition).
Faults Reported
Fault Identifier | Title | Summary | Solution | Severity |
---|---|---|---|---|
CWE-20 | Improper Input Validation | The application receives input but either does not validate it or incorrectly validates that the input has the properties required to process it safely and correctly. | The application should validate inputs against an allow-list of expected values and respond with a client error (4xx) for input that fails validation, rather than passing it on. | medium |
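The following is an added example, not part of this page or of the analyzer's own code, that shows the request-parameter handling the Description and the CWE-20 row describe: a handler that interpolates a parameter into a shell command next to a hardened handler that allow-list validates the value and passes it as a discrete argument with no shell. A small constructed list of attack vectors stands in for the requests the analyzer sends; `echo` stands in for a real command such as `ping` so the example runs anywhere. All payload strings, the hostname pattern and the `probe`/`scan` helpers are assumptions made for the illustration.

```python
"""Vulnerable versus hardened handling of a request parameter that ends up on a command line."""
import re
import subprocess

# Constructed sample of command-line attack vectors of the kind an injection
# analyzer embeds in request parameters (illustrative list, not the analyzer's own).
ATTACK_VECTORS = [
    "example.com; echo INJECTED",
    "example.com && echo INJECTED",
    "example.com | echo INJECTED",
    "$(echo INJECTED)",
    "`echo INJECTED`",
    "example.com\necho INJECTED",
]


class InvalidInput(ValueError):
    """Input failed validation; the API layer should map this to a 400 response."""


def vulnerable_lookup(host: str) -> str:
    """Deliberately vulnerable: the parameter is interpolated into a shell command line.

    With shell=True the whole string goes to /bin/sh, which interprets ';', '&&', '|',
    '$()', backticks and newlines, so the attacker's command runs alongside ours.
    """
    completed = subprocess.run(f"echo {host}", shell=True, capture_output=True, text=True)
    return completed.stdout


# Hypothetical allow-list pattern: RFC 1123 style hostname, labels of letters, digits
# and hyphens (not leading or trailing) joined by dots, at most 253 characters overall.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def validate_host(host: str) -> str:
    """Allow-list validation: accept only something that is syntactically a hostname."""
    if not _HOSTNAME_RE.match(host):
        raise InvalidInput(f"invalid hostname: {host!r}")
    return host


def hardened_lookup(host: str) -> str:
    """Hardened: validate first, then pass the value as one argv element and never use a shell."""
    argv = ["echo", validate_host(host)]  # shell metacharacters are now plain bytes of one argument
    completed = subprocess.run(argv, capture_output=True, text=True)
    return completed.stdout


def probe(handler, payload: str) -> str:
    """Simulate one analyzer request against a handler.

    Returns 'injected' if the payload executed, 'rejected' if validation refused it
    (the 4xx outcome the Solution column asks for) and 'safe' if it was treated as data.
    """
    try:
        out = handler(payload)
    except InvalidInput:
        return "rejected"
    return "injected" if "INJECTED" in out else "safe"


def scan(handler) -> dict:
    """Run every constructed attack vector against a handler and record each outcome."""
    return {payload: probe(handler, payload) for payload in ATTACK_VECTORS}


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_lookup), ("hardened", hardened_lookup)):
        print(name, scan(handler))
```

Every vector in the list executes against `vulnerable_lookup` and is rejected by `hardened_lookup`; a well-formed value such as `api.example.com` still works. Note that the hardened version relies on two independent controls: the allow-list stops malformed input at the API boundary with a client error, and the argv form means that even a value that slipped past validation could not change the command being run.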