Injection attacks
Injection
Injection attacks are very prevalent, particularly in legacy code. They allow attackers to supply untrusted data to an application, which then processes that data as part of a command or query, possibly altering the application's intended execution flow. There are many variants:
In this course we will cover SQL injection and command injection briefly. The focus will be on cross-site scripting (XSS), since that vulnerability is still widespread in modern web applications today.
Source attribution
Some parts of this page are based on OWASP A1 Injection, which is licensed under FLOSS.