Code Injection is a security vulnerability in which an attacker supplies input that the application ends up interpreting as code (or as part of a query or command) because of input validation flaws. Once executed by the system, this injected code can allow unauthorised access, data theft, or full system compromise. Characteristics include:
Attack Method:
- Insert malicious code into the application
- Exploit poor input validation
Types:
- SQL injection
- Cross-site scripting (XSS)
- Remote code execution
Consequences:
- Data theft
- Unauthorised access
- System compromise
Prevention:
- Input validation
- Parameterised queries
- Escaping user input
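The three prevention measures above, worked through in code. This is an added example, not code from the original page: it uses Python's standard sqlite3 and html modules with a constructed in-memory users table, and contrasts a lookup built by string concatenation with a parameterised lookup, adds an allow-list input check, and escapes user input before it is placed in HTML. The function names and the sample data are assumptions made for the example.

```python
import re
import sqlite3
import html

# Constructed in-memory database with sample rows (example data, not from the page).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "user"), ("bob", "admin")])
    return conn

def lookup_vulnerable(conn, username):
    # Poor input validation: the value is concatenated into the SQL text, so
    # quote characters in the input become part of the query's structure.
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()

def lookup_parameterised(conn, username):
    # Parameterised query: the driver binds the value separately from the SQL
    # text, so the input is only ever compared as data and cannot alter the query.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

# Input validation: allow-list of characters a username may contain (assumed policy).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")

def is_valid_username(username):
    return USERNAME_RE.fullmatch(username) is not None

def lookup_validated(conn, username):
    # Validation and parameterisation together: reject malformed input early,
    # then still bind the value rather than concatenate it.
    if not is_valid_username(username):
        raise ValueError("invalid username")
    return lookup_parameterised(conn, username)

def render_greeting(username):
    # Escaping user input before it is placed in HTML, so that markup characters
    # are shown as text instead of being interpreted by the browser (XSS prevention).
    return "<p>Hello, " + html.escape(username, quote=True) + "</p>"

if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"   # constructed input containing a quote character
    print("vulnerable:    ", lookup_vulnerable(db, payload))     # returns every row
    print("parameterised: ", lookup_parameterised(db, payload))  # returns no rows
    print("validated:     ", lookup_validated(db, "alice"))      # [('alice', 'user')]
    print(render_greeting("<b>alice</b>"))
```

Running the block shows the point of each control: the concatenated query returns every row for the quote-bearing input, the parameterised query returns nothing because the same text is compared as a literal string, the allow-list rejects it before a query is built, and the escaped greeting renders the angle brackets as text.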
Detection:
- Static code analysis
- Penetration testing
Code Injection poses significant security risks to applications.
