Changes

WebAppSec/Secure Coding Guidelines

1 byte added, 14:22, 5 October 2011
m
Preventing OS Injection
* Ensure that a robust escaping routine is in place to prevent the user from adding additional characters that can be executed by the OS ( e.g. user appends | to the malicious data and then executes another OS command). Remember to use a positive approach when constructing escaping routinges. [http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/owasp/esapi/codecs/UnixCodec.java Example]
Further Reading: [http://www.owasp.org/index.phphp/Reviewing_Code_for_OS_Injection Reviewing Code for OS Injection]
===Preventing XML Injection===
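Review bot: In the escaping bullet, "routinges" should read "routines", and the Further Reading link path "index.phphp" looks like a typo for "index.php", so the link to Reviewing Code for OS Injection is probably broken as written. The bullet would also be clearer if it spelled out what "a positive approach" means for an escaping routine, and the stray space in "( e.g." can be dropped.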