This test checks whether your web application is vulnerable to command injection. We manually identify the input entry points where your web application interacts with the operating system. We then manipulate those parameters to check whether there is any command injection vulnerability. This vulnerability can enable the end user to get control of your web server.
First, we check all the data input points in your web application through HTTP GET and POST requests. Then we identify those instances where the web application invokes system commands.
We use payloads with metacharacters and inject modified commands to analyze how the application handles them. If the server executes these commands, then there is a command injection vulnerability in your site.
The time required depends mostly on how soon we are able to identify all the input points to start testing with payloads. Once we identify the vulnerability, we then require time to put together a report for your understanding.
The report will include the details of the testing and an analysis of the command injection vulnerabilities found in your web application.
Based on the findings from our extensive tests, the report will provide recommendations on how to fix and prevent the command injection vulnerabilities.
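The root cause these tests look for, and the kind of fix such recommendations typically cover, shown as an added example (not taken from the original page or from any tested application): a hypothetical lookup handler passes a request parameter to a system command, with `echo` standing in for the real utility. The function names, the constructed sample parameter and the allowlist pattern are assumptions made for illustration.

```python
import re
import subprocess

# Constructed sample parameter: a host name followed by a shell metacharacter.
CONSTRUCTED_INPUT = "example.test; echo INJECTED"

# Allowlist for the hypothetical "host" parameter: letters, digits, dots and
# hyphens only, starting with a letter or digit so it cannot look like an option.
HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def lookup_unsafe(host: str) -> str:
    """Vulnerable pattern: input concatenated into a string run by a shell."""
    # echo stands in for the real system utility so the example runs offline.
    result = subprocess.run("echo lookup " + host, shell=True,
                            capture_output=True, text=True)
    return result.stdout


def lookup_argv(host: str) -> str:
    """No shell: the parameter is one argv element, so ';' is plain data."""
    result = subprocess.run(["echo", "lookup", host],
                            capture_output=True, text=True, check=True)
    return result.stdout


def lookup_safe(host: str) -> str:
    """Hardened pattern: allowlist validation first, then the argv call."""
    if not HOST_RE.fullmatch(host):
        raise ValueError("host parameter rejected by allowlist")
    return lookup_argv(host)


if __name__ == "__main__":
    print(repr(lookup_unsafe(CONSTRUCTED_INPUT)))  # shell runs two commands
    print(repr(lookup_argv(CONSTRUCTED_INPUT)))    # one literal argument
    try:
        lookup_safe(CONSTRUCTED_INPUT)
    except ValueError as exc:
        print("rejected:", exc)
    print(repr(lookup_safe("example.test")))
```

The unsafe variant returns two lines of output for the constructed parameter because the shell treats `;` as a command separator; the argument-vector variant returns the same text as a single literal argument, and the validated variant rejects it outright.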