Injection attacks

Injection

Injection attacks are very prevalent, particularly in legacy code. They allow attackers to supply untrusted data to an application, which gets processed as part of a command or query and may alter the foreseen execution flow of that application. There are many variants:

SQL injection
LDAP injection
NoSQL injection
OS command injection
XML parser injection
SMTP header injection
expression language injection
HTML injection
Script injection (XSS)

In this course we will cover SQL injection and command injection briefly. The focus will be put on cross-site scripting or XSS, since that is a vulnerability that is still widespread in modern web applications today.

Source attribution

Some parts of this page are based on OWASP A1 Injection, which is licensed under FLOSS.

PreviousFIDO2 and WebAuthn NextSQL Injection

Last updated 2 years ago

Was this helpful?