From the course: Static Application Security Testing
A3: Injection - SonarQube Tutorial
A3: Injection
- [Teacher] The third set of risks in the OWASP Top 10 list are injection flaws. When an attacker sends untrusted data to a backend interpreter, something like an OS command line interpreter, a database, or an LDAP directory, the interpreter has to decide what to do with that data. The only problem is that interpreters can't decide; that's not their job. If they receive a command, they're going to act on it. That's why it's so important for the developers to make sure that the only commands that make it to those interpreters are commands that the developers trust. Attackers seeking to exploit injection flaws are going to go after any and every part of the application that looks like it interacts with an interpreter on the backend. Common attack vectors include environment variables, application parameters, web services, and even the users themselves. If an application allows users to enter data, and let's face it, most of…
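The point the instructor makes, that an interpreter cannot tell trusted commands from untrusted data once they are mixed into one string, is easy to see with a database query. The following is an added example, not code from the course or its exercise files; the in-memory `users` table, the function names, and the sample names are all constructed for the demonstration. The unsafe version builds the SQL text by concatenation, so whatever the user types becomes part of the command the engine parses; the hardened version keeps the command fixed and passes the input as a bound parameter, so the engine only ever sees it as data.

```python
import sqlite3


def make_db():
    """Constructed sample data: a tiny in-memory users table (not from the course)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("O'Brien", "user"), ("bob", "user")],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn, name):
    """Vulnerable pattern: untrusted input is spliced into the SQL text.

    The database engine receives one string and parses all of it as a command,
    so any quote or SQL syntax inside `name` changes the statement itself.
    This is the shape a SAST tool such as SonarQube reports as an injection sink.
    """
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Hardened pattern: the command is a constant; the input is a bound parameter.

    The engine compiles the statement first and binds `name` afterwards, so the
    input can never be interpreted as part of the command.
    """
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def compare(name):
    """Run both versions on the same input and report what the interpreter did.

    Returns a dict with the unsafe result (or the error class it raised when the
    input broke the statement) and the safe result.
    """
    conn = make_db()
    try:
        unsafe = lookup_unsafe(conn, name)
        unsafe_error = None
    except sqlite3.Error as exc:
        unsafe = None
        unsafe_error = type(exc).__name__
    safe = lookup_safe(conn, name)
    conn.close()
    return {"unsafe": unsafe, "unsafe_error": unsafe_error, "safe": safe}


if __name__ == "__main__":
    # A plain name: both versions agree, which is why the flaw is easy to miss in testing.
    print(compare("alice"))
    # A legitimate name containing an apostrophe: the unsafe query is no longer
    # the query the developer wrote, and the engine refuses it (OperationalError),
    # while the parameterised query simply treats the apostrophe as data.
    print(compare("O'Brien"))
```

The apostrophe case is deliberately a benign input: the lesson is not that a particular payload works, but that with concatenation the interpreter is executing whatever text it is handed, and with parameter binding the boundary between command and data is enforced by the driver rather than by the developer's diligence.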
Contents
- The OWASP Top 10 (3m 26s)
- A1: Broken access controls (6m 17s)
- A2: Cryptographic failures (7m 29s)
- A3: Injection (8m)
- A4: Insecure design (5m 21s)
- A5: Security misconfiguration (7m 58s)
- A6: Vulnerable and outdated components (7m 8s)
- A7: Identification and authentication failures (7m 39s)
- A8: Software and data integrity failures (5m 49s)
- A9: Security logging and monitoring failures (6m 55s)
- A10: Server-Side Request Forgery (4m 58s)