Have a question?
Message sent Close
0 reviews

Introduction to OS Command Injections (2020)

Learn hands-on how to perform and defend against OS Command Injections
85 Students enrolled
  • Description
  • Curriculum
  • FAQ
  • Reviews

Welcome to this course on OS Command Injections! OS Command Injections are part of the OWASP Top 10 Web Application Security Risks, and as you will see in this course, this threat can result in serious damages if left unchecked.

We start out by creating a safe and legal environment for us to perform attacks in. Then, we cover the core concepts of command injections and learn about techniques that can be used to exploit vulnerable targets. After that, we go full-on offensive and perform manual injection attacks as well as automated attacks with a tool called Commix.

Once we find vulnerabilities, we generate and plant persistent backdoors that can be exploited to create shells, giving us access to the target server any time we want.

After successfully attacking and compromising our targets, we take a step back and discuss defensive controls at the application layer. We also look at actual vulnerable code and show ways of fixing that vulnerable code to prevent injections.

Please note: Performing these attacks on environments you do not have explicit permissions for is illegal and will get you in trouble. That is not the purpose of this course. The purpose is to teach you how to secure your own applications, and it will provide the steps needed to create your own personal, safe, and legal environments to exploit for learning purposes.


Topics we will cover together:

  1. How to set up a Kali Linux Virtual Machine for free

  2. How to configure and create safe & legal environments using Docker containers inside of Kali

  3. A quick command line refresher

  4. An explanation of what OS Command injections are and how they work

  5. OS Command injection techniques

  6. How to perform OS Command injections by hand

  7. How to perform OS Command injections with automated tools (Commix)

  8. How to defend against injections at the application layer

  9. How to find vulnerabilities by looking at code

  10. Proper coding techniques to prevent OS Command Injections



To understand how OS Command injections work and how to perform them as well as defend against them, you must have:

  • Experience working with web applications

  • Experience with OS commands (Linux or Windows)

Suggestion: You may also wish to take our free Introduction to Application Security (AppSec) course to familiarize yourself with the concepts of Application Security, and we have an SQL Injection course available for free as well on Udemy.



My name is Christophe Limpalair, and I have helped thousands of individuals pass IT certifications and learn how to use the cloud for their applications. I got started in IT at the age of 11 and unintentionally fell into the world of cybersecurity.

As I developed a strong interest in programming and cloud computing, my focus for the past few years has been training thousands of individuals in small, medium, and large businesses (including Fortune 500) on how to use cloud providers (such as Amazon Web Services) efficiently.

I’ve taught certification courses such as the AWS Certified Developer, AWS Certified SysOps Administrator, and AWS Certified DevOps Professional, as well as non-certification courses such as Introduction to Application Security (AppSec), Lambda Deep Dive, Backup Strategies, and others.

Working with individual contributors as well as managers, I realized that most were also facing serious challenges when it came to cybersecurity.

Digging deeper, it became clear that there was a lack of training for AppSec specifically. It’s time to take security into our own hands and to learn how to build more secure software in order to help make the world a safer place! Join me in the course, and we’ll do just that!

I welcome you on your journey to learning more about OS Command injections, and I look forward to being your instructor!

How long do I have access to the course materials?
You can view and review the lecture materials indefinitely, like an on-demand channel.
Can I take my courses with me wherever I go?
Definitely! If you have an internet connection, courses on Udemy are available on any device at any time. If you don't have an internet connection, some instructors also let their students download course lectures. That's up to the instructor though, so make sure you get on their good side!
Course details
Lectures 1
Quizzes 3
Video 1 hours
Full lifetime access
Access on mobile and TV

External Links May Contain Affiliate Links read more

Join our Telegram Channel To Get Latest Notification & Course Updates!
Join Our Telegram For FREE Courses & Canva PremiumJOIN NOW