
What is Code Injection?

A Code Injection attack is a scenario in which a malicious actor can input code into a vulnerable application, which the application then reads and executes. This type of attack is often due to a lack of proper input/output data validation when handling untrusted data, for example where an end user can enter information into a form or search box.



What are the types of code injection?

Some examples of code injection include:

• SQL injection

• Cross-site scripting

• Dynamic evaluation vulnerabilities

• Object injection

• Remote file injection

• Format specifier injection

• Shell injection

