Injection Vulnerabilities Flashcards
1
Q
What are injection vulnerabilities?
A
A class of security vulnerabilities that occur when untrusted data is sent to an interpreter or a command execution environment without proper validation or sanitization
2
Q
How do attackers exploit injection vulnerabilities?
A
by injecting malicious input that is interpreted and executed by the targeted system
3
Q
What’s the potential impact of injection vulnerabilities?
A
unauthorized data access, data manipulation, privilege escalation, or even complete system compromise
4
Q
What are the mechanisms for preventing injection vulnerabilities?
A
- Input Validation and Sanitization
- Parameterized Queries and Prepared Statements
- Least Privilege Principle
- Whitelisting and Input Filtering
- Avoiding Dynamic Query Generation
- Secure Coding Practices