https://toorun.dev/tags/security/Recent content in security on toorun.devHugo -- gohugo.ioen-usWed, 20 May 2026 10:00:00 +0000https://toorun.dev/posts/command-injection-in-c/c-why-system-with-user-input-is-dangerous-with-practical-examples/Wed, 20 May 2026 10:00:00 +0000https://toorun.dev/posts/command-injection-in-c/c-why-system-with-user-input-is-dangerous-with-practical-examples/Command Injection in C/C++: Why system() with User Input is Dangerous Command injection is one of the most common and dangerous security vulnerabilities in C/C++ applications—especially in Linux utilities, embedded systems, and IoT devices. This post explains what command injection is, why it happens, and how to avoid it, with practical examples and secure coding tips. What is Command Injection? Command injection occurs when an application constructs a shell command using user input and executes it.https://toorun.dev/posts/embedded-red-cybersecurity-en18031/Sat, 29 Mar 2025 12:30:00 +0000https://toorun.dev/posts/embedded-red-cybersecurity-en18031/RED Cybersecurity (EN 18031) Overview The RED cybersecurity standard (EN 18031) defines requirements to ensure that radio equipment is secure and does not negatively impact networks, users, or services. It is structured around three main articles: 3.3.d: Protection of networks and prevention of service degradation 3.3.e: Protection of personal data and privacy 3.3.f: Protection against fraud Applicability Depending on the system design, not all articles may apply. Typical example: Systems without user data → privacy requirements may not apply Systems without financial interaction → fraud-related requirements may not apply Network interaction → usually relevant and must be addressed Requirements Structure Each article is divided into: