Chapter 7

Injection Attacks

An injection attack is one of the most common attacks in the field of web security. We have mentioned in Chapter 3 that XSS in essence is also an HTML injection attack. In Chapter 1, We propose a security design principle—a data and code separation principle, it can be said, is born to address injection attacks.

The nature of the injection attack is that of the data entered by the user as code execution. There are two key conditions: The first is that users can control the input; the second is that the original program code to be executed is joined with data input by users. In this chapter, we will talk about several common injection attacks as well as defensive approaches.

7.1 SQL Injection Attacks

Developers today ...

Get Web Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Web Security by Hanqing Wu, Liz Zhao

Injection Attacks

7.1 SQL Injection Attacks

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly