Injection occurs whenever an application creates a command or code that gets run somewhere else. The two most common types of injection are cross-site scripting (XSS) and SQL injection. Cross-site scripting occurs when an attacker injects malicious executable scripts into a web page. An SQL injection occurs when an attacker injects malicious SQL statements that get executed in a database.
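The two cases described above, shown from the defender's side as an added example (not code from the original page or the video): the same input handled by a string-built command and by its hardened form. The `users` table, the function names and the sample inputs are assumptions constructed for illustration.

```python
import html
import sqlite3

# Constructed sample inputs (not taken from the page).
SQL_INPUT = "nobody' OR '1'='1"
HTML_INPUT = "<script>alert(1)</script>"

def make_db():
    """Build a throwaway in-memory database with a hypothetical users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def lookup_concatenated(db, name):
    # Vulnerable: the input is spliced into the SQL text, so a quote
    # character in it is parsed as SQL syntax instead of as data.
    query = ("SELECT secret FROM users WHERE name = '" + name +
             "' ORDER BY name")
    return [row[0] for row in db.execute(query)]

def lookup_parameterized(db, name):
    # Hardened: the statement text is fixed and the driver binds the
    # input as a value, so it can never change the query's structure.
    query = "SELECT secret FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in db.execute(query, (name,))]

def greet_raw(name):
    # Vulnerable: the input becomes markup in the page sent to the browser.
    return "<p>Hello, " + name + "</p>"

def greet_escaped(name):
    # Hardened: HTML metacharacters are encoded for an element-body context.
    return "<p>Hello, " + html.escape(name) + "</p>"

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, SQL_INPUT))
    print("parameterized:", lookup_parameterized(db, SQL_INPUT))
    print("raw HTML     :", greet_raw(HTML_INPUT))
    print("escaped HTML :", greet_escaped(HTML_INPUT))
```

The concatenated lookup also fails on a harmless name such as `O'Brien`, which is often the first sign of the flaw in testing or error logs.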
Injection was previously listed as #1 on the OWASP Top 10 list for the most common vulnerabilities in web applications, but it moved to third in 2021.
In this , Jonathan Knudsen, head of global research at the Cybersecurity Research Center, demonstrates how an attacker can compromise a web application using SQL injection and XSS. Viewers also learn what security activities can help mitigate these types of attacks.