Authored on: Dec 23, 2013
Injection vulnerabilities allow a malicious attacker to insert specific commands into an application or code that will execute undesired behaviour on their behalf. These attacks usually exploit an application at the point where it requests user input for later processing. The most common types of injection vulnerabilities include SQL Injection, Command Injection, Cross Site Scripting, XPath and LDAP Injection.
This paper provides a detailed description of injection vulnerabilities, discusses how they present themselves to both end users and software developers, and explains mitigation strategies to help resolve the various types of injection attacks.