OWASP Top 10: A1 – Injection
Many web applications accept input from either external data sources or app users. In this course, you'll learn about various types of injection attacks, such as SQL and command injections. You will learn how malicious users submit malicious code or commands to a web app for execution by the web server stack. Next, you'll learn how to test a web app for injection vulnerabilities using the OWASP ZAP tool. You'll then set low security for a vulnerable web application tool in order to allow the execution of injection attacks, and execute various types of injection attacks against a web application. Lastly, you will learn how to mitigate injection attacks using techniques such as input validation and input sanitization.