injection-attacks
Safeguard articles tagged "injection-attacks" — guides, analysis, and best practices for software supply chain and application security.
8 articles
What is LDAP Injection
LDAP injection lets attackers manipulate directory queries to bypass authentication or dump directory data. Here's how it works, real CVEs, and how to stop it.
What is NoSQL Injection
NoSQL injection lets attackers bypass logins or run code using MongoDB operators like $ne and $where. See real CVEs, examples, and effective defenses.
What is Input Validation
Input validation stops malicious data at the door. See the CVEs — Equifax, Log4Shell, MOVEit — that prove why skipping it, or doing it wrong, is so costly.
Server-side includes (SSI) injection explained
SSI injection lets attackers run shell commands via directives like #exec cmd. Learn how CWE-97 works, real attack vectors, detection, and fixes.
GraphQL injection and introspection abuse explained
How GraphQL injection, introspection abuse, and alias-based DoS attacks expose APIs to data leaks—illustrated by the 2021 Peloton breach.
NoSQL Injection: A Practical Tutorial
NoSQL databases don't use SQL syntax, but they're not immune to injection attacks — this NoSQL injection tutorial covers how the attack actually works against MongoDB-style queries.
LDAP Injection Prevention Guide
LDAP injection attacks manipulate directory service queries to bypass authentication, extract sensitive data, and enumerate user accounts. This guide covers attack techniques and practical defenses for applications using LDAP.
NoSQL Injection and MongoDB: Prevention Guide
NoSQL injection attacks exploit the query languages of non-relational databases to bypass authentication, extract data, and modify records. This guide focuses on MongoDB injection with defenses applicable to all NoSQL databases.