How to Test for Injection Vulnerabilities

Injection vulnerabilities Overview

An injection attack typically occurs when input has not been validated. Injection attacks will provide some form of input and attach additional malicious data to perform some other or additional input or command. Injection attacks use an input medium to do something that the developer of the feature did not and would not normally expect. As you can see there seems to be a common form to all these types of vulnerabilites, input validation. Input validation is the number 1 security vulnerability in most applications. If input was validated a huge portion of security vulnerabilities would be solved.

There are numerous types of injection attacks and vulnerabilities. Each injection attack has differing ways on how to test for the injection vulnerability.