Web Security by Hanqing Wu, Liz Zhao

Chapter 7

Injection Attacks

Injection attacks are among the most common attacks in the field of web security. As mentioned in Chapter 3, XSS is in essence also an HTML injection attack. In Chapter 1 we proposed a security design principle, the separation of data and code, which can be said to exist precisely to address injection attacks.

The essence of an injection attack is that data entered by the user is executed as code. Two key conditions must hold: first, the user can control the input; second, the code the program is about to execute is assembled by joining in data supplied by the user. In this chapter, we will talk about several common injection attacks as well as defensive approaches.

7.1 SQL Injection Attacks

Developers today ...
