What are injection attacks?

In an injection attack, the attacker is able to provide malicious input to a web application (inject it). The application processes this malicious input, which causes the application to behave in an unexpected way. For example, it may reveal information that should not be revealed, give the user permissions that the user should never have, or run harmful code on the server or on the client. Learn more about the basics of web security .

What are the common types of injection attacks?

Some of the most common types of injection attacks are SQL injections, cross-site scripting (XSS), code injection, OS command injection, host header injection, and more. A large part of vulnerabilities that exist in web applications can be classified as injection vulnerabilities. Read about SQL injection – one of the most serious types of injection attacks .

How to detect injection vulnerabilities?

The most efficient way to detect injection vulnerabilities, which make injection attacks possible, is by using an automated web vulnerability scanner. You can detect them manually through penetration testing but this takes a lot more time and resources. Acunetix is able to detect, assess, and manage all types of injection vulnerabilities. See what Acunetix Premium can do for you .

How to avoid injection attacks?

To avoid injection attacks you must code your web applications in a secure way to avoid injection vulnerabilities. The most important part is: never trust user input. The more you restrict, control, and monitor any form of user input, the more you can avoid your application being hacked. Learn more about secure coding best practices .

Web Security Blog | Page 39 of 138

Common Injection Attack Types, Examples, Prevention

Web Security Zone | April 18, 2019 by Ian Muscat

Injection Attacks Injection attacks refer to a broad class of attack vectors. In an injection attack, an attacker, sometimes with the use of automated hacking software, supplies untrusted input to a program. This input gets processed by an interpreter as part of a command or…

What is Code Injection (Remote Code Execution)

Web Security Zone | April 15, 2019 by Ian Muscat

Code Injection or Remote Code Execution (RCE) enables the attacker to execute malicious code as a result of an injection attack. Code Injection attacks are different than Command Injection attacks. Attacker capabilities depend on the limits of the server-side interpreter (for example, PHP, Python, and…

Remote Code Execution in bootstrap-sass Ruby Package

Web Security Zone | April 11, 2019 by Tomasz Andrzej Nidecki

If you are using Ruby to develop applications, run the latest update of Acunetix to make sure that you are safe. A very popular Rails gem bootstrap-sass was recently compromised. A malicious version of the package (3.2.0.3) was available in the official RubyGems repository for several…

Mutation XSS in Google Search

Web Security Zone | April 10, 2019 by Tomasz Andrzej Nidecki

Are you sure that your website is safe from Cross-site Scripting if Google Search was not for five months? On September 26, 2018, one of the developers working on the open-source Closure library (originally created by Google and used in Google Search) created a commit…

Recommendations for TLS/SSL Cipher Hardening

Web Security Zone | April 10, 2019 by Ian Muscat

Transport Layer Security (TLS) and its predecessor, Secure Socket Layer (SSL), are widely used protocols. They were designed to secure the transfer of data between the client and the server through authentication, encryption, and integrity protection. Note: At the time of writing of this article,…

TLS Security 1: What Is SSL/TLS

Web Security Zone | April 3, 2019 by Agathoklis Prodromou

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic security protocols. They are used to make sure that network communication is secure. Their main goals are to provide data integrity and communication privacy. The SSL protocol was the first protocol designed for this…

What is Transport Layer Security (TLS): Establishing a TLS Connection

Web Security Zone | March 31, 2019 by Agathoklis Prodromou

The process of establishing a secure SSL/TLS connection involves several steps. SSL/TLS security protocols use a combination of asymmetric and symmetric encryption. The client and the server must negotiate the algorithms used and exchange key information. For the purpose of explaining this complex process, we…

TLS Security 4: SSL/TLS Certificates

Web Security Zone | March 31, 2019 by Agathoklis Prodromou

When you communicate securely with a third party using data encryption, you usually want to be sure that they are who they say they are. For example, when you use an online bank or an e-commerce site and you send sensitive information, you want to…

TLS Security 3: SSL/TLS Terminology and Basics

Web Security Zone | March 31, 2019 by Agathoklis Prodromou

To understand how Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols works, you must first understand certain basic concepts. The primary mechanism used by SSL/TLS is asymmetric encryption with cipher suites. These and related terms are explained below. Encryption Encryption is the process…

Acunetix Web Security Blog