┏━━━━━━━━━━━━━━━┓
┃   INJECTION   ┃
┗━━━━━━━━━━━━━━━┛
INJECTION ==> #Injecting malicious input, due to wrong assumptions about input:
# - constraints: length, value, characters used, type, etc.
# - client is legitimate
# - client can't modify input
#Prevention:
# - validating input
# - validating origin of input (user, domain, etc.)
# - escaping|sanitizing input
CODE INJECTION ==> #Injecting code where data is expected
SQL|PHP|ASP|SHELL INJECTION ==> #For those specific programming languages
BUFFER OVERFLOW ==> #Input exceeds min|max length|value
#Prevented by bound checking
XSS ==> #See XSS doc
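
Added example (not part of the original notes): SQL injection as "code where data is expected", with the concatenated query beside the two preventions listed above, input validation and a bound parameter. The table, the function names and the allowed-name pattern are assumptions made for the demo.

```python
import re
import sqlite3

# Constructed sample data: an in-memory table with two users.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def lookup_concat(db, name):
    # Wrong assumption: 'name' only ever contains a name. The input is
    # pasted into the statement, so a quote in it ends the string literal
    # and the rest is parsed as SQL (code where data is expected).
    return db.execute(
        "SELECT name FROM users WHERE name = '" + name + "'").fetchall()

def lookup_bound(db, name):
    # The input travels as a bound parameter and is never parsed as SQL.
    return db.execute(
        "SELECT name FROM users WHERE name = ?", (name,)).fetchall()

# Hypothetical policy: lowercase letter first, then up to 31 more
# lowercase letters, digits or underscores.
NAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")

def validate_name(name):
    # Constraints from the notes: type, length, characters used.
    return isinstance(name, str) and NAME_RE.fullmatch(name) is not None

def lookup(db, name):
    # Validate first, then bind: two independent layers.
    if not validate_name(name):
        raise ValueError("rejected input")
    return lookup_bound(db, name)

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"           # constructed input breaking the assumption
    print(lookup_concat(db, crafted))  # every row comes back
    print(lookup_bound(db, crafted))   # no row: treated as a literal name
    print(validate_name(crafted))      # rejected by the character constraint
```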