Which of the following threat types involves the sending of commands or arbitrary data through input fields in an application in an attempt to get that code executed as part of normal processing?
Which of the following threat types involves the sending of commands or arbitrary data through input fields in an application in an attempt to get that code executed as part of normal processing?
An injection attack is where a malicious actor sends commands or other arbitrary data through input fields with the intent of having the application or system execute the code as part of its normal processing. This can trick an application into executing unintended commands or accessing and exposing sensitive data.
D. Possession, custody, control
C. Injection
C. Injection
Injection attacks involve sending malicious commands or arbitrary data through input fields, tricking the application into executing unintended commands as part of its normal processing. This contrasts with Cross-site scripting, which targets client-side code execution, and cross-site request forgery, which leverages authenticated sessions to force unwanted actions. Missing function-level access control is about inadequate permission checks rather than injecting code.