According to the OWASP Top 10 2017 list (https://www.owasp.org/index.php/Top_10-2017_Top_10), injection flaws, such as SQL, operating system command, and XML injection, are the most prevalent vulnerabilities and have the highest impact of all web application vulnerabilities.
Injection flaws occur when untrusted data from user-provided parameters is passed to an interpreter on the server. An attacker can then trick the interpreter into treating this data as executable instructions, making it execute unintended commands or give access to data without proper authorization.
In this chapter, we will discuss the major injection flaws in today's web applications and look at the tools and techniques used to detect and exploit them.