Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Secure Software Development

You're reading from   Secure Software Development Learn to analyze and mitigate risks in your software projects

Arrow left icon
Product type Paperback
Published in Mar 2024
Publisher Packt
ISBN-13 9781835462836
Length 262 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Aspen Olmsted Aspen Olmsted
Author Profile Icon Aspen Olmsted
Aspen Olmsted
Arrow right icon
View More author details
Toc

Table of Contents (20) Chapters Close

Preface 1. Part 1: Modeling a Secure Application FREE CHAPTER
2. Chapter 1: Security Principles 3. Chapter 2: Designing a Secure Functional Model 4. Chapter 3: Designing a Secure Object Model 5. Chapter 4: Designing a Secure Dynamic Model 6. Chapter 5: Designing a Secure System Model 7. Chapter 6: Threat Modeling 8. Part 2: Mitigating Risks in Implementation
9. Chapter 7: Authentication and Authorization 10. Chapter 8: Input Validation and Sanitization 11. Chapter 9: Standard Web Application Vulnerabilities 12. Chapter 10: Database Security 13. Part 3: Security Validation
14. Chapter 11: Unit Testing 15. Chapter 12: Regression Testing 16. Chapter 13: Integration, System, and Acceptance Testing 17. Chapter 14: Software Penetration Testing 18. Index 19. Other Books You May Enjoy

Injection attacks

Injection attacks on web applications refer to malicious attempts to inject or execute unauthorized code or commands into an application’s data. These attacks exploit vulnerabilities in the application’s input validation mechanisms, allowing attackers to insert malicious code that the application’s interpreter then executes. Injection attacks have been around for decades but are successful every day. On the day I wrote this section of the book, I looked for recent attacks and, that week, a threat group named ResumeLooters stole the personal data of over 2 million job seekers after compromising 65 legitimate job listings and retail sites using SQL injection and Cross-Site Scripting (XSS) attacks. Almost every day, the news is filled with stories like this. Once malicious users are successful, they can use this data or access for further attacks to steal financial assets or cause havoc. The most common types of injection attacks include the following...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime