Command injection attacks exploit flaws in software. The present inventors recognize that one solution to prevent such attacks would be to avoid software flaws by using safe programming practices or programming constructs that do not allow such flaws. While this approach may be technically feasible, in many instances it is not practical. First, it would be impractical to redesign or re-implement the large body of legacy software that already exists. Second, even for newly-developed software, time-to-market pressure favors the quick delivery of new features over careful security considerations. Third, many software applications are produced by programmers that have not been properly trained in best security practices. And fourth, a software application is often created by composition with other software components whose provenance and adherence to security best practices can be of dubious quality. In short, not only are command injection attacks severe, they are here to stay for the foreseeable future.