Injection

Injection attacks against applications occur when a hacker enters malicious data as input into the application. Examples include SQL injection (SQLi) in which the malicious data would include escape characters leading into SQL commands to view, add, change or delete database values or even to change the database itself using Database Manipulation Language (DML) commands. Other injections, such as cross-site scripting (XSS) inject scripting language commands to manipulate the page. Injection attacks should be prevented by verifying all user input and stripping out characters that are not a part of a whitelist of allowed values before they are used within application, server, or database code.