Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by an attacker to introduce (or "inject") code into a computer program to change the course of execution. The results of a code injection attack can be disastrous.
In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. [1] To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. [2] This practice generally refers to software vulnerabilities in computing systems.
SQL injection is a technique often used to attack data-driven applications. [1] This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., dump the database contents to the attacker). SQL injection is a code injection technique that exploits a security vulnerability in an application's software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or user input is not strongly typed and is unexpectedly executed.
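The two causes named above (unescaped string-literal characters and input that is not strongly typed) are shown side by side with their corrected forms in the following added example, which is not part of the original text. The table, the function names and the sample inputs are constructed for illustration, and SQLite is assumed only so that the example runs offline.

```python
import sqlite3

def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users (name, secret) VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def find_by_name_vulnerable(db, name):
    # Cause 1: a quote character in `name` is not escaped, so it ends the
    # string literal and the remainder of the input is parsed as SQL.
    sql = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_by_name_safe(db, name):
    # Bound parameter: the value is passed as data and never parsed as SQL.
    sql = "SELECT name, secret FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def find_by_id_vulnerable(db, user_id):
    # Cause 2: a value expected to be numeric is not type-checked, so no
    # quote character is even needed to change the statement.
    sql = "SELECT name, secret FROM users WHERE id = " + user_id
    return db.execute(sql).fetchall()

def find_by_id_safe(db, user_id):
    # Enforce the type first (int() raises ValueError on non-numeric text),
    # then bind the value as a parameter.
    sql = "SELECT name, secret FROM users WHERE id = ?"
    return db.execute(sql, (int(user_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    quoted = "nobody' OR '1'='1"   # constructed input for cause 1
    untyped = "1 OR 1=1"           # constructed input for cause 2
    print("concatenated name query:", find_by_name_vulnerable(db, quoted))
    print("parameterized name query:", find_by_name_safe(db, quoted))
    print("concatenated id query:", find_by_id_vulnerable(db, untyped))
    try:
        find_by_id_safe(db, untyped)
    except ValueError as exc:
        print("typed id query rejected input:", exc)
```

With the concatenated queries, both constructed inputs return every row in the table; the parameterized name query returns no rows, and the typed id query rejects the input before it reaches the database.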