Code Injection

Updated Fri Apr 24 2026 03:19:45 GMT+0000 (Coordinated Universal Time)

Injection attacks occur when user input alters program execution.

Input Validation

Any user input to a program must be validated before use. All user input must be treated as untrusted. Length, type, pattern and logical validity must be checked.

Instead of blocking bad values (a.k.a. blacklisting), accept only known valid input (a.k.a. whitelisting).
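
The four checks above, applied to a hypothetical booking form, next to a blacklist filter for comparison. This is an added example, not code from the original page; the field names, limits and sample values are assumptions made for illustration.

```python
import re
from datetime import date

USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,15}")  # pattern: allowlisted characters only
MAX_FIELD_LEN = 64                                  # length cap applied before any parsing
DENYLIST = (";", "|", "&", "<", ">", "'", '"')      # the approach the page advises against


def denylist_ok(value: str) -> bool:
    """Blacklisting: rejects only the characters someone remembered to list."""
    return not any(bad in value for bad in DENYLIST)


def validate_booking(raw: dict) -> dict:
    """Whitelisting: return typed, validated values or raise ValueError naming the failed check."""
    for field in ("username", "seats", "start", "end"):
        value = raw.get(field)
        if not isinstance(value, str):
            raise ValueError(f"{field}: missing or not a string")
        if not 0 < len(value) <= MAX_FIELD_LEN:
            raise ValueError(f"{field}: length")
    # Pattern: fullmatch, so a trailing newline or extra suffix cannot slip through.
    if not USERNAME_RE.fullmatch(raw["username"]):
        raise ValueError("username: pattern")
    # Type: seats must be plain ASCII digits before conversion to int.
    if not re.fullmatch(r"[0-9]{1,3}", raw["seats"]):
        raise ValueError("seats: type")
    seats = int(raw["seats"])
    try:
        start, end = date.fromisoformat(raw["start"]), date.fromisoformat(raw["end"])
    except ValueError:
        raise ValueError("dates: type") from None
    # Logical validity: well-formed values can still make no sense together.
    if not 1 <= seats <= 10:
        raise ValueError("seats: range")
    if end < start:
        raise ValueError("dates: end before start")
    return {"username": raw["username"], "seats": seats, "start": start, "end": end}


if __name__ == "__main__":
    # Constructed sample inputs.
    good = {"username": "alice_01", "seats": "2", "start": "2026-05-01", "end": "2026-05-03"}
    print(validate_booking(good))
    print(denylist_ok("alice\nadmin"))  # the blacklist accepts an embedded newline
```

The caller uses only the returned dictionary, so nothing reaches later code without having passed every check.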

Types

Command Injection

Malicious commands inserted into system calls.

SQL Injection

Malicious SQL statements manipulate database queries.

Code Injection

Attacker supplies executable code.

Cross-Site Scripting (XSS)

Malicious scripts embedded in web pages.