
Injection Attack

Understanding Injection Attack Types


WHAT ARE INJECTION ATTACK TYPES?

Injection is #1 on the latest (2017) OWASP Top 10 list. Injection vulnerabilities allow attackers to insert malicious inputs into an application or relay malicious code through an application to another system. Injection is involved in four prevalent attack types: OGNL injection, Expression Language injection, command injection, and SQL injection. During an injection attack, untrusted inputs or unauthorized code are “injected” into a program and interpreted as part of a query or command. The result is an alteration of the program, redirecting it for a nefarious purpose.

Injection attacks can include calls to the operating system via system calls, the use of external programs via shell commands, or calls to backend databases using SQL (i.e., SQL injection). Whenever an application uses an interpreter, there is the risk of introducing an injection vulnerability. Whole scripts written in Perl, Python, and other languages can be injected into a poorly designed application and then executed, giving the attacker control over its behavior.
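The following is an added example, not code from the original page: it shows the same untrusted input being interpreted as part of a SQL query and of a shell command, next to the forms that keep it as data. The table, function names and sample inputs are constructed for illustration, and the shell half assumes a POSIX system with `echo` available.

```python
import sqlite3
import subprocess

def make_db():
    """Build a small in-memory table of constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return db

def lookup_concatenated(db, name):
    """Vulnerable: the input is pasted into the SQL text, so the SQL
    parser interprets any quote characters or keywords inside it."""
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]

def lookup_parameterized(db, name):
    """Hardened: the statement text is fixed and the input is bound as
    a value, so it is only ever compared, never parsed as SQL."""
    return [row[0] for row in db.execute(
        "SELECT name FROM users WHERE name = ?", (name,))]

def greet_via_shell(name):
    """Vulnerable: the string goes to /bin/sh, which parses
    metacharacters such as ';' in the input as command syntax."""
    out = subprocess.run("echo hello " + name, shell=True,
                         capture_output=True, text=True)
    return out.stdout.splitlines()

def greet_via_argv(name):
    """Hardened: no shell; the input is one argument to one program."""
    out = subprocess.run(["echo", "hello", name],
                         capture_output=True, text=True)
    return out.stdout.splitlines()

# Constructed inputs that carry interpreter syntax instead of plain data.
SQL_INPUT = "nobody' OR '1'='1"
SHELL_INPUT = "bob; echo SECOND-COMMAND"

if __name__ == "__main__":
    db = make_db()
    print(lookup_concatenated(db, SQL_INPUT))   # every row matches
    print(lookup_parameterized(db, SQL_INPUT))  # no user has that name
    print(greet_via_shell(SHELL_INPUT))         # two commands ran
    print(greet_via_argv(SHELL_INPUT))          # one literal argument
```

In both hardened functions the structure of the query or command is fixed before the input arrives, which is what removes the interpreter from the path of untrusted data.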


Contrast is the clear customers’ choice

Contrast is named a Customers’ Choice in the 2021 Gartner Peer Insights “Voice of the Customer”: Application Security Testing report. With the highest percentage of 5-star ratings, this is the third consecutive year Contrast has received this powerful endorsement from customers.


Learn Secure Code

CROSS SITE SCRIPTING (XSS)

Learn about cross-site scripting (XSS) and how it affects your Java source code

SQL INJECTION

Learn about SQL injection and how it affects your Java source code

CLIENT SIDE INJECTION

Learn about client-side injection and how it can affect your source code