A Code Injection attack is a scenario whereby a malicious actor can input code into a vulnerable application, which the application then reads and executes. Often this type of attack is due to a lack of proper input/output data validation when using untrusted data, for example where an end-user could enter information into a form or search box.
What are the types of code injection?
Some examples of code injection include:
• Dynamic evaluation vulnerabilities
• Object injection
• Remote file injection
• Format specifier injection
• Shell injection