Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects simply to a non-technical, business audience. Over…
Code injection is the malicious injection or introduction of code into an application. The code introduced or injected is capable of compromising database integrity and/or compromising privacy properties, security and even data correctness. It can also steal data and/or bypass access and authentication control. Code injection attacks can plague applications that depend on user input for execution.
There are four main types of code injection attacks:
SQL injection is a mode of attack that corrupts a legitimate database query so that it provides falsified data.
Script injection is an attack in which the attacker provides programming code to the server side of the scripting engine.
Shell injection attacks, also known as operating system command attacks, manipulate applications that are used to formulate commands for the operating system.
In a dynamic evaluation attack, arbitrary code replaces the standard input, and the application executes that code.
The difference between code injection and command injection, another form of attack, lies in how the functionality of the injected code is limited for the malicious user.
Code injection vulnerabilities range from easy to find to difficult to find. Many solutions have been developed for thwarting these types of code injection attacks, in both the application and architecture domains. Some examples include input validation, parameterization, privilege setting for different actions, adding an extra layer of protection and others.
Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.