August 2018
Beginner
594 pages
22h 33m
English
This security risk occurs when untrusted data is sent to an interpreter and unintended commands are executed. This can cause unauthorized data to be accessed or manipulated. Anyone who can send untrusted data, including external and internal users, is a possible threat agent.
A common form of injection is SQL injection (SQLi), where SQL statements are included in data (such as user input) and are then unknowingly executed against the database. Among other things, a SQL injection attack could be used to retrieve, alter, or delete data. A web application firewall (WAF), which sits between users and the web application, can protect software systems from some of the more common SQL injection attacks by using common signatures to identify ...