Code Injection

What Does Code Injection Mean?

Code injection is the malicious introduction of code into an application. The injected code can compromise database integrity, privacy properties, security and even data correctness. It can also steal data or bypass access and authentication controls. Code injection attacks can affect any application that depends on user input for execution.

Techopedia Explains Code Injection

There are four main types of code injection attacks:

  • SQL injection
  • Script injection
  • Shell injection
  • Dynamic evaluation

SQL injection is a mode of attack that corrupts a legitimate database query so that it provides falsified data. Script injection is an attack in which the attacker provides programming code to the server side of the scripting engine. Shell injection attacks, also known as operating system command attacks, manipulate applications that formulate commands for the operating system. In a dynamic evaluation attack, arbitrary code replaces the standard input and is then executed by the application. Code injection differs from command injection, another form of attack, in how the functionality of the injected code is limited for the malicious user.

Code injection vulnerabilities range from those that are easy to find to those that are difficult to find. Many solutions have been developed to thwart these types of code injection attacks, in both the application and architecture domains. Examples include input validation, parameterization, privilege setting for different actions, the addition of an extra layer of protection and others.
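The difference between a concatenated query and a parameterized one, and between dynamic evaluation and literal-only parsing, shown as an added example that is not part of the original page. The table, function names and sample input are constructed for illustration.

```python
import ast
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def find_user_concat(db, name):
    """Weak form: user input is spliced into the SQL text itself."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def find_user_param(db, name):
    """Parameterized form: input is bound as data, never parsed as SQL."""
    return db.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()

def parse_setting(text):
    """Input validation in place of dynamic evaluation: accept only a
    Python literal (number, string, list, ...); anything else is
    rejected instead of being executed."""
    try:
        return ast.literal_eval(text)
    except (ValueError, SyntaxError):
        raise ValueError("rejected non-literal input") from None

# Constructed input that changes the meaning of the concatenated query.
CRAFTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", find_user_concat(db, CRAFTED))  # every row
    print("parameterized:", find_user_param(db, CRAFTED))   # no rows
    print("literal      :", parse_setting("[1, 2, 3]"))
```

The same crafted string is a regression-test input: a lookup function passes when it returns no rows for it.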

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…