Techopedia Explains Code Injection
There are four main types of code injection attacks:
- SQL injection
- Script injection
- Shell injection
- Dynamic evaluation
SQL injection is a mode of attack that is used to corrupt a legitimate database query to provide falsified data. Script injection is an attack in which the attacker provides programming code to the server side of the scripting engine. Shell injection attacks, also known as operating system command attacks, manipulate applications that are used to formulate commands for the operating system. In a dynamic evaluation attack, an arbitrary code replaces the standard input, which results in the former being executed by the application. The difference between code injection and command injection, another form of attack, is the limitation of the functionality of the injected code for the malicious user.
Code injection vulnerabilities range from easy to difficult-to-find ones. Many solutions have been developed for thwarting these types of code injection attacks, for both application and architecture domain. Some examples include input validation, parameterization, privilege setting for different actions, addition of extra layer of protection and others.
- INFOGRAPHIC: The New Face of 21st Century Cyberwarfare
- Malicious Software: Worms, Trojans and Bots, Oh My!
- Border Gateway Protocol: The Biggest Network Vulnerability Of All?
- What Enterprise Needs to Know About Identity and Access Management (IAM)
- The 7 Basic Principles of IT Security
- Data Breach Notification: The Legal and Regulatory Environment