Description
Some of the more common injections are SQL, NoSQL, OS command, Object Relational Mapping (ORM), LDAP, and Expression Language (EL) or Object Graph Navigation Library (OGNL) injection. The concept is identical among all interpreters. Source code review is the best method of detecting if applications are vulnerable to injections. Automated testing of all parameters, headers, URL, cookies, JSON, SOAP, and XML data inputs is strongly encouraged. Organizations can include the static source (SAST) and dynamic application test (DAST) tools into the CI/CD pipeline to identify introduced injection flaws before production deployment.
Owning organization
Validating JSON schema
Vulnerabilities (provided by MONARC)
Creator
License
Creative Commons Zero v1.0 Universal
Related objects
Definition of the object
{
"authors": [
"https://owasp.org/Top10/A03_2021-Injection"
],
"code": "A03:2021",
"description": "Some of the more common injections are SQL, NoSQL, OS command, Object Relational Mapping (ORM), LDAP, and Expression Language (EL) or Object Graph Navigation Library (OGNL) injection. The concept is identical among all interpreters. Source code review is the best method of detecting if applications are vulnerable to injections. Automated testing of all parameters, headers, URL, cookies, JSON, SOAP, and XML data inputs is strongly encouraged. Organizations can include the static source (SAST) and dynamic application test (DAST) tools into the CI/CD pipeline to identify introduced injection flaws before production deployment.",
"label": "Injection",
"language": "EN",
"uuid": "8ecb698f-8f75-4c45-befd-0ab8ff8a611a"
}