From the course: Learning the OWASP Top 10
Injection
- [Instructor] The third item in the 2021 OWASP Top 10 is injection. Here's a thing about computer science: code can either represent data or be an instruction. Injection happens when an application accepts data as input and processes it as an instruction rather than just as data. OWASP says an application is vulnerable to attack when hostile data is directly used. One analogy to consider might be if you adopt a dog from an animal rescue and the paperwork that you have to fill out requires that you give the dog a name. What if you picked a name like Sit? Because Sit happens to be a very common command that you would ask a dog to obey, that particular name could be really confusing for the dog. Sit, come here, Sit. Is a dog supposed to respond to the word sit as though it's its name, or is it supposed to respond to the word sit as though it's an instruction for what to do? Injection vulnerabilities occur in web applications…
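
The data-versus-instruction confusion described in the transcript above, shown as an added example that is not part of the course: a constructed SQLite registry of adopted dogs queried once by string concatenation and once with a bound parameter. The function names, table layout, sample rows and the hostile input are all assumptions made for illustration.

```python
import sqlite3

# Constructed hostile input: the quote closes the string literal early, so the
# rest is parsed as SQL (an always-true condition) instead of as a dog's name.
HOSTILE = "x' OR '1'='1"


def make_db():
    """In-memory adoption registry; every row here is constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE dogs (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)")
    db.executemany(
        "INSERT INTO dogs (name, owner) VALUES (?, ?)",
        [("Rex", "alice"), ("Bella", "bob"), ("Sit", "carol"), ("O'Malley", "dave")],
    )
    return db


def lookup_vulnerable(db, name):
    # Vulnerable: the input is pasted into the SQL text, so the database parser
    # decides which characters are data and which are instructions.
    query = "SELECT owner FROM dogs WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in db.execute(query)]


def lookup_safe(db, name):
    # Hardened: the SQL text is fixed and the input is bound as a parameter,
    # so it is only ever compared as a value, whatever characters it contains.
    query = "SELECT owner FROM dogs WHERE name = ? ORDER BY id"
    return [row[0] for row in db.execute(query, (name,))]


if __name__ == "__main__":
    db = make_db()
    for name in ("Sit", "O'Malley", HOSTILE):
        try:
            unsafe = lookup_vulnerable(db, name)
        except sqlite3.OperationalError as exc:
            # A legitimate name with an apostrophe breaks the concatenated query.
            unsafe = f"query broke: {exc}"
        print(f"{name!r}: vulnerable={unsafe} safe={lookup_safe(db, name)}")
```

The same quoting flaw shows up two ways: a legitimate name containing an apostrophe makes the concatenated query fail, and the hostile input makes it return every owner, while the parameterized query treats both as plain names.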
Contents
- Broken access control (4m 37s)
- Cryptographic failures (3m)
- Injection (4m 19s)
- Insecure design (2m 58s)
- Security misconfiguration (3m 6s)
- Vulnerable and outdated components (3m 2s)
- Identification and authentication failures (3m 17s)
- Software and data integrity failures (3m 35s)
- Security logging and monitoring failures (3m 17s)
- Server-side request forgery (SSRF) (1m 43s)