Injection Attacks Flashcards
Code Injection
Attacker adds in their own code into a data stream. Enabled because of bad programming with an application.
Structured Query Language (SQL)
Used to manage data held in a relational database management system or stream processing relational management systems.
What types of code are vulnerable to code injection?
HTML, SQL, XML, LDAP, etc (many different codes are vulnerable)
Extensible Markup Language (XML)
A text-based markup language used as a set of rules for data transfer and storage. Both human and machine readable.
Dynamic-Link Library (DLL)
A Windows library containing code and data used for many different applications
DLL Injection
Abuses the DLL library by injecting a code in one application in order to push the code into another DLL application.