1
Q
What are injection vulnerabilities?
A
class of security vulnerabilities that occur when untrusted data is sent to an interpreter or a command execution environment without proper validation or sanitization
2
Q
How do attackers exploit injection vulnerabilities?
A
by injecting malicious input that is interpreted and executed by the targeted system
3
Q
What’s the potential impact of injection vulnerabilities?
A
unauthorized data access, data manipulation, privilege escalation, or even complete system compromise
4
Q
What are the mechanisms for preventing injection vulnerabilities?
A
- Input Validation and Sanitization
- Parameterized Queries and Prepared Statements
- Least Privilege Principle
- Whitelisting and Input Filtering
- Avoiding Dynamic Query Generation
- Secure Coding Practices
Web Application Security
flashcards
Decks in class (17)
# Cards
-
HTTP Security Headers7
-
Injection Vulnerabilities4
-
SQL Injection12
-
Command Injection4
-
Cross-Site Scripting (XSS)12
-
Cross-Site Request Forgery (CSRF)6
-
Server-Side Request Forgery (SSRF)5
-
Clickjacking5
-
Session Hijacking7
-
Insecure Direct Object References (IDOR)4
-
Directory Traversal4
-
Split-Response4
-
OWASP8
-
Cloud Native Applications1
-
Wordpress11
-
Cookies0
-
Webshell0
