close search bar

Sorry, not available in this language yet

close language selection

OWASP Top 10: Injection

Synopsys Cybersecurity Research Center

Mar 01, 2023 / 1 min read

Injection occurs whenever an application creates a command or code that gets run somewhere else. The two most common types of injection are cross-site scripting (XSS) and SQL injection. Cross-site scripting occurs when an attacker injects malicious executable scripts into a web page. An SQL injection occurs when an attacker injects malicious SQL statements that get executed in a database.

Injection was previously listed as #1 on the OWASP Top 10 list for the most common vulnerabilities in web applications, but it moved to third in 2021.

In this video, Jonathan Knudsen, head of global research at the Cybersecurity Research Center, demonstrates how an attacker can compromise a web application using SQL injection and XSS. Viewers also learn what security activities can help mitigate these types of attacks.

Check out the OWASP Top 10 video series

Continue Reading

Top 10 free pen tester tools

Top 10 free pen tester tools

Natalie Lightner
By Natalie Lightner

Apr 11, 2024 / 5 min read

Tags: Software Integrity, Security News & Trends, Pen Testing, Web AppSec, Manage Security Risks
Introducing fAST Dynamic: Streamlining dynamic application security testing

Introducing fAST Dynamic: Streamlining dynamic application security testing

Vishrut Iyengar
By Vishrut Iyengar

Mar 19, 2024 / 3 min read

Tags: DAST, Software Integrity, Security News & Trends, Build Security into DevOps
CVE-2017-5638: The Apache Struts vulnerability explained

CVE-2017-5638: The Apache Struts vulnerability explained

Fred Bals
By Fred Bals

Mar 16, 2024 / 3 min read

Tags: Software Integrity, Security News & Trends, Secure the Software Supply Chain

Explore Topics

Agile, CI/CD
AppSec Best Practices
Artificial Intelligence
Automotive
Build Security into DevOps
Cloud Security
Compliance
Container Security
CyRC
DevSecOps
DAST
Financial Services
Fuzzing
Healthcare
IAST
Internet of Things
M&A
Manage Security Risks
Medical Devices
Mobile
Orchestration & Correlation
OSS License Compliance
Pen Testing
Program Strategy & Planning
Public Sector
SAST
SCA
Secure the Software Supply Chain
Security News & Trends
Threat Modeling
Threat & Risk Assessment
Training
Web Application Security