The most common flaw in web applications is the injection flaw. Interactive web application takes input from the user, processes it, and returns the output to the client. When the application is vulnerable to an injection flaw, it accepts input from the user with improper or no validation and processes it, which results in actions that the application did not desire to perform. The malicious input tricks the application, forcing the underlying components to perform tasks that the application was not programmed for. In other words, an injection flaw allows the attacker to control components of the application.

In this chapter, we will discuss the major injection flaws and cover the following ...