OWASP Injection

September 10th, 2022


In general, if a service builds queries by bashing strings together and any of those strings come from a user, that service is vulnerable.


A) database (SQL) injection

"Comes from a user": data from a database may have originated from a user as well.
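
Added example (not from the original notes or the book): a value that was stored safely is read back from the database and then concatenated into a second query, next to the same query with a bound parameter. The schema, function names and sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data; the second nickname was typed by a user at signup."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, nickname TEXT);
        CREATE TABLE notes (owner TEXT, body TEXT);
    """)
    # Both inserts use placeholders, so the first write is not injectable.
    db.executemany("INSERT INTO users (id, nickname) VALUES (?, ?)",
                   [(1, "alice"), (2, "x' OR '1'='1")])
    db.executemany("INSERT INTO notes (owner, body) VALUES (?, ?)",
                   [("alice", "alice private note"), ("x' OR '1'='1", "own note")])
    return db

def nickname_of(db, user_id):
    # Read back from the database: looks internal, but a user supplied it.
    row = db.execute("SELECT nickname FROM users WHERE id = ?", (user_id,)).fetchone()
    return row[0]

def notes_concat(db, user_id):
    """Vulnerable: bashes a database-sourced string into the query text."""
    nick = nickname_of(db, user_id)
    sql = "SELECT body FROM notes WHERE owner = '" + nick + "'"
    return [r[0] for r in db.execute(sql)]

def notes_bound(db, user_id):
    """Hardened: constant query text, the value travels as a bound parameter."""
    nick = nickname_of(db, user_id)
    return [r[0] for r in db.execute("SELECT body FROM notes WHERE owner = ?", (nick,))]

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", notes_concat(db, 2))  # every owner's notes
    print("bound:       ", notes_bound(db, 2))   # only this owner's note
```

The concatenated version returns every row because the stored quote character ends the string literal and the rest is parsed as SQL; the bound version treats the whole nickname as data.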


B) XML injection

OWASP XML External Entities (XXE)


(src: Book: Release It! - Michael Nygard)


