An Exploration of Injection Attacks

Contributed by Chris Choyce
This paper will define and analyze injection attacks and dive into why the attack surface is one of the largest available for adversaries. There are several types of injection attacks, and they all involve the manipulation of code at a publicly available “doorway” to the data store that is threatened. The two most common types of these attacks are cross-site scripting (XSS) and structured query language injection (SQLi). We will talk about both, along with Hypertext Transfer Protocol (HTTP) host header attacks, Lightweight Directory Access Protocol (LDAP) injections, and code and OS injections. This paper will discuss what each attack does and some potential impacts of such an attack, as well as the best practices for securing against injection attacks.
This document is in PDF format. To view it click here.
