Injection

Injection occurs when untrusted data is sent as a command or query to be executed on the target system. It is mostly interpreters, which run code as it comes in rather than compiling it, that are easily tricked into using data as a command. Common injections include SQL, NoSQL, LDAP, Command, OS, and ORM. Look for:

  • User-supplied data isn’t validated or sanitized. 
  • Untrusted data is sent directly to the interpreter (e.g., concatenated to an SQL query).
  • Untrusted data is sent directly into an ORM search function.
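
The concatenation case from the list above, as an added example that is not part of the original page: the same lookup against a constructed in-memory SQLite table, once with the value concatenated into the SQL text and once with it bound as a parameter, plus an allow-list check. The table, function names, sample input and the name policy are assumptions made for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return db

def find_user_concat(db, name):
    # Weak form: the untrusted value becomes part of the SQL text,
    # so the interpreter parses it as query syntax, not as a value.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def find_user_bound(db, name):
    # Corrected form: the SQL text is fixed and the value is bound
    # separately, so it is only ever compared as data.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def is_valid_name(name):
    # Allow-list validation as a second layer. Assumed policy:
    # 1 to 32 characters drawn from letters, digits, '_' and '-'.
    return re.fullmatch(r"[A-Za-z0-9_-]{1,32}", name) is not None

def demo():
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed untrusted input
    return {
        "concat_normal": find_user_concat(db, "bob"),
        "concat_crafted": sorted(find_user_concat(db, crafted)),
        "bound_normal": find_user_bound(db, "bob"),
        "bound_crafted": find_user_bound(db, crafted),
        "crafted_passes_validation": is_valid_name(crafted),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the concatenated query the quote in the input closes the string literal and the rest is parsed as a condition, so every row matches; with the bound parameter the same input matches nothing.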