Cisco CloudCenter: Get the Hybrid IT Advantage

Code Injection

Definition - What does Code Injection mean?

Code injection is the malicious injection or introduction of code into an application. The code introduced or injected is capable of compromising database integrity and/or compromising privacy properties, security and even data correctness. It can also steal data and/or bypass access and authentication control. Code injection attacks can plague applications that depend on user input for execution.

Techopedia explains Code Injection

There are four main types of code injection attacks:

  • SQL injection
  • Script injection
  • Shell injection
  • Dynamic evaluation

SQL injection is a mode of attack that is used to corrupt a legitimate database query to provide falsified data. Script injection is an attack in which the attacker provides programming code to the server side of the scripting engine. Shell injection attacks, also known as operating system command attacks, manipulate applications that are used to formulate commands for the operating system. In a dynamic evaluation attack, an arbitrary code replaces the standard input, which results in the former being executed by the application. The difference between code injection and command injection, another form of attack, is the limitation of the functionality of the injected code for the malicious user.

Code injection vulnerabilities range from easy to difficult-to-find ones. Many solutions have been developed for thwarting these types of code injection attacks, for both application and architecture domain. Some examples include input validation, parameterization, privilege setting for different actions, addition of extra layer of protection and others.

Share this:

Connect with us

Email Newsletter

Join thousands of others with our weekly newsletter

The 4th Era of IT Infrastructure: Superconverged Systems
The 4th Era of IT Infrastructure: Superconverged Systems:
Learn the benefits and limitations of the 3 generations of IT infrastructure – siloed, converged and hyperconverged – and discover how the 4th...
Approaches and Benefits of Network Virtualization
Approaches and Benefits of Network Virtualization:
Businesses today aspire to achieve a software-defined datacenter (SDDC) to enhance business agility and reduce operational complexity. However, the...
Free E-Book: Public Cloud Guide
Free E-Book: Public Cloud Guide:
This white paper is for leaders of Operations, Engineering, or Infrastructure teams who are creating or executing an IT roadmap.
Free Tool: Virtual Health Monitor
Free Tool: Virtual Health Monitor:
Virtual Health Monitor is a free virtualization monitoring and reporting tool for VMware, Hyper-V, RHEV, and XenServer environments.
Free 30 Day Trial – Turbonomic
Free 30 Day Trial – Turbonomic:
Turbonomic delivers an autonomic platform where virtual and cloud environments self-manage in real-time to assure application performance.