Injection security risk

Injection is the sending of untrusted data to an application as part of a command or query. The attack tricks the interpreter (the program that directly executes those instructions) into running the data as code, in order to bypass access control or perform a command the application never intended.

Injection is now the most prevalent class of vulnerability, and almost any source of data can serve as an injection vector.

The general countermeasures include code review, white- or black-listing of input, command parameterization, use of safe APIs, and automated scanning in the continuous integration (CI) pipeline to support detection, among others.
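To make the "parameterization" and "white-listing" points concrete, here is an added example (not code from the original article) that places a query built by string concatenation next to a parameterized one, then wraps the safe version in an allow-list check. It uses Python's standard sqlite3 module with an in-memory database; the table, rows and the malformed test input are all constructed for the demonstration.

```python
import re
import sqlite3


def make_db():
    """Constructed sample database: three users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def find_user_unsafe(conn, username):
    """Vulnerable: untrusted input is spliced into the statement text, so the
    interpreter (SQLite) cannot distinguish data from command."""
    query = (
        "SELECT username, role FROM users WHERE username = '" + username + "'"
    )
    return conn.execute(query).fetchall()


def find_user_parameterized(conn, username):
    """Hardened: a placeholder keeps the value out of the parsed statement;
    the driver passes it to the engine as data only."""
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


# Allow-list (white-list) for usernames: lowercase letters, digits, underscore.
# The exact policy is an assumption for this example.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def validate_username(username):
    """Return True only if the whole string matches the allow-list."""
    return USERNAME_RE.fullmatch(username) is not None


def find_user_defended(conn, username):
    """Defence in depth: validate first, then query with parameters."""
    if not validate_username(username):
        raise ValueError("username rejected by allow-list")
    return find_user_parameterized(conn, username)


def demo(conn, untrusted):
    """Run one untrusted value through all three paths and report the outcome
    of each, so the difference is visible without reading the SQL."""
    result = {
        "unsafe_rows": len(find_user_unsafe(conn, untrusted)),
        "parameterized_rows": len(find_user_parameterized(conn, untrusted)),
    }
    try:
        result["defended"] = "ok:%d" % len(find_user_defended(conn, untrusted))
    except ValueError:
        result["defended"] = "rejected"
    return result


if __name__ == "__main__":
    db = make_db()
    # Constructed input containing a quote and an always-true clause.
    print(demo(db, "bob' OR '1'='1"))
```

Against the constructed input, the concatenated query returns every row because the engine parses the injected clause as part of the WHERE condition; the parameterized query returns nothing because no username literally equals that string; the defended path rejects the value before any query runs. Parameterization is the primary control, since it removes the ambiguity at the interpreter boundary; the allow-list is a second layer that also cuts down on malformed data reaching the database.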

The injection security risk is complex, and mitigating it requires meticulous analysis of every place where external data meets an interpreter.
