OWASP Top 10: Injection

Authored by Cybersecurity Research Center

Mar 01, 2023 / 1 min read

CyRC Developer Series: #3 Injection - OWASP Top 10 2021

Explore the latest OWASP Top 10 2021, known as the most common vulnerabilities in web applications. Watch the video to learn how the list is compiled and the critical sources used to develop the OWASP Top 10 2021.

Video Player is loading.

Current Time 0:00

Duration 3:15

Loaded: 0.00%

Stream Type LIVE

Remaining Time 3:15

Injection occurs whenever an application creates a command or code that gets run somewhere else. The two most common types of injection are cross-site scripting (XSS) and SQL injection. Cross-site scripting occurs when an attacker injects malicious executable scripts into a web page. An SQL injection occurs when an attacker injects malicious SQL statements that get executed in a database.

Injection was previously listed as #1 on the OWASP Top 10 list for the most common vulnerabilities in web applications, but it moved to third in 2021.

In this video, Jonathan Knudsen, head of global research at the Cybersecurity Research Center, demonstrates how an attacker can compromise a web application using SQL injection and XSS. Viewers also learn what security activities can help mitigate these types of attacks.

Learn more about the OWASP Top 10

Continue Reading

What you need to know about the NIST Secure Software Development Framework

By Fred Bals

Aug 12, 2025 / 5 min read

Tags: Security News & Trends, Build Security into DevOps, Awareness, Secure the Software Supply Chain, AppSec Best Practices, Manage Security Risks, Public Sector