Safeguard
Tag

injection-attacks

Safeguard articles tagged "injection-attacks" — guides, analysis, and best practices for software supply chain and application security.

8 articles

Vulnerability Analysis

What is LDAP Injection

LDAP injection lets attackers manipulate directory queries to bypass authentication or dump directory data. Here's how it works, real CVEs, and how to stop it.

Mar 27, 20266 min read
Vulnerability Analysis

What is NoSQL Injection

NoSQL injection lets attackers bypass logins or run code using MongoDB operators like $ne and $where. See real CVEs, examples, and effective defenses.

Mar 27, 20267 min read
Vulnerability Analysis

What is Input Validation

Input validation stops malicious data at the door. See the CVEs — Equifax, Log4Shell, MOVEit — that prove why skipping it, or doing it wrong, is so costly.

Jan 28, 20266 min read
Vulnerability Analysis

Server-side includes (SSI) injection explained

SSI injection lets attackers run shell commands via directives like #exec cmd. Learn how CWE-97 works, real attack vectors, detection, and fixes.

Dec 5, 20257 min read
Vulnerability Analysis

GraphQL injection and introspection abuse explained

How GraphQL injection, introspection abuse, and alias-based DoS attacks expose APIs to data leaks—illustrated by the 2021 Peloton breach.

Dec 5, 20257 min read
Vulnerabilities

NoSQL Injection: A Practical Tutorial

NoSQL databases don't use SQL syntax, but they're not immune to injection attacks — this NoSQL injection tutorial covers how the attack actually works against MongoDB-style queries.

Feb 11, 20255 min read
Application Security

LDAP Injection Prevention Guide

LDAP injection attacks manipulate directory service queries to bypass authentication, extract sensitive data, and enumerate user accounts. This guide covers attack techniques and practical defenses for applications using LDAP.

Dec 5, 20226 min read
Application Security

NoSQL Injection and MongoDB: Prevention Guide

NoSQL injection attacks exploit the query languages of non-relational databases to bypass authentication, extract data, and modify records. This guide focuses on MongoDB injection with defenses applicable to all NoSQL databases.

Aug 5, 20226 min read
injection-attacks — Safeguard Blog