A03:2021 – Injection

Share on Twitter Share on Reddit Share on Pinboard Share on Newspipe
Get the object Export to a MISP galaxy Get only values in CSV Get only values in JSON

Description
Some of the more common injections are SQL, NoSQL, OS command, Object Relational Mapping (ORM), LDAP, and Expression Language (EL) or Object Graph Navigation Library (OGNL) injection. The concept is identical among all interpreters. Source code review is the best method of detecting if applications are vulnerable to injections. Automated testing of all parameters, headers, URL, cookies, JSON, SOAP, and XML data inputs is strongly encouraged. Organizations can include the static source (SAST) and dynamic application test (DAST) tools into the CI/CD pipeline to identify introduced injection flaws before production deployment.
Owning organization
OWASP
Validating JSON schema
Vulnerabilities (provided by MONARC)
Creator
Cedric
License
Creative Commons Zero v1.0 Universal

Related objects

Definition of the object 
{
    "authors": [
        "https://owasp.org/Top10/A03_2021-Injection"
    ],
    "code": "A03:2021",
    "description": "Some of the more common injections are SQL, NoSQL, OS command, Object Relational Mapping (ORM), LDAP, and Expression Language (EL) or Object Graph Navigation Library (OGNL) injection. The concept is identical among all interpreters. Source code review is the best method of detecting if applications are vulnerable to injections. Automated testing of all parameters, headers, URL, cookies, JSON, SOAP, and XML data inputs is strongly encouraged. Organizations can include the static source (SAST) and dynamic application test (DAST) tools into the CI/CD pipeline to identify introduced injection flaws before production deployment.",
    "label": "Injection",
    "language": "EN",
    "uuid": "8ecb698f-8f75-4c45-befd-0ab8ff8a611a"
}