Avoid dynamic code execution

Avoid dynamic code execution

Summary

The system should not use dynamic code execution features such as eval().

Description

Dynamic code execution features, despite the flexibility they provide, should be used carefully and generally avoided. These features often open the door for remote code execution (RCE) and cross-site scripting (XSS) attacks. Therefore, if it is not possible to avoid dynamic code execution, any untrusted input being included (e.g., the one provided by the users) should be properly sanitized.

Supported In

This requirement is verified in following services

Plan Supported
Essential 🔴
Advanced 🟢

References

Vulnerabilities

Free trial message
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.