Glossary

REMOTE CODE EXECUTION / RCE
defined.

The ability for an attacker to execute arbitrary code on a target system — usually the highest-severity outcome in any pen test.

A–Z

What is Remote Code Execution (RCE)?

RCE is the headline. It can come from many roots: SQL injection escalated to OS command, XXE chained with library bugs, deserialization in Java/Python/PHP, template injection, or unpatched CVEs like Log4Shell.

Defence: defence in depth — least privilege, AppArmor/SELinux, EDR, network egress controls, and signed code only.

Related terms.

Server-Side Template Injection (SSTI)
XML External Entity (XXE)
SQL Injection
Privilege Escalation

Where this shows up.

See our web application penetration testing, API security testing, network penetration testing, and cloud security audit services for how we test for and defend against this class of issue.

Test for this in your stack

BOOK A FREE
scoping call.

30-minute call with an OSCP-certified engineer. Tailored proposal in 24 hours.

Book Free Scoping Call →All Services

REMOTE CODE EXECUTION / RCEdefined.

What is Remote Code Execution (RCE)?

Related terms.

Where this shows up.

BOOK A FREEscoping call.

REMOTE CODE EXECUTION / RCE
defined.

BOOK A FREE
scoping call.