Not intended for the experienced programmer, this short piece aims to help the novice developer become aware of malicious input manipulation. I do not claim to be an authority on the subject, but rather someone who learned something new today. In this piece I will discuss injection attacks, input validation, and input sanitization in plain language. I’ll provide some relevant links and deeper readings as we move through the piece.

Obligatory reference to xkcd’s “Little Bobby Tables.” Original can be found here.

And What, Exactly, Is an Injection Attack?

Simply put, an injection attack is when a user (or, more aptly, an attacker) inserts (injects) malicious code via web inputs (username / password fields, forms, comment fields, etc.). The webcomic strip above, by xkcd author Randall Munroe, gives us some quick insight into how input manipulation may be used to achieve undesirable outcomes (for a detailed explanation of the comic, see the xkcd explainer here). Only slightly more specifically, an injection attack tricks the program into treating the attacker's input as instructions, so that it executes various (and most likely detrimental) commands, one obvious example being the exposure of sensitive data thought to be secure. …
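The comic's scenario, as an added example that is not part of the original post: a student-registration function that builds its SQL by string formatting, beside the parameterized version and an allowlist validator. It uses Python's standard sqlite3 module with a constructed in-memory database; `executescript()` is used in the vulnerable path as an assumed stand-in for drivers that run stacked statements (sqlite3's own `execute()` refuses them).

```python
import re
import sqlite3

# Input taken from the xkcd "Little Bobby Tables" comic referenced above.
BOBBY = "Robert'); DROP TABLE Students;--"


def fresh_db():
    """Constructed sample database: one Students table with one row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Students (name TEXT)")
    conn.execute("INSERT INTO Students (name) VALUES ('Alice')")
    return conn


def table_exists(conn):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type='table' AND name='Students'"
    ).fetchone()
    return row is not None


def add_student_vulnerable(conn, name):
    """The input is pasted into the statement text, so the database parses
    it as SQL. executescript() is an assumed stand-in for drivers that run
    stacked statements."""
    conn.executescript(f"INSERT INTO Students (name) VALUES ('{name}')")


def add_student_safe(conn, name):
    """Parameterized query: the value travels separately from the SQL text,
    so it is stored as a literal string no matter what it contains."""
    conn.execute("INSERT INTO Students (name) VALUES (?)", (name,))


# Allowlist for a human name (hypothetical policy). Apostrophes are allowed
# (O'Brien), which is why validation alone cannot replace parameterization.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z .'-]{0,63}")


def validate_name(name):
    return NAME_RE.fullmatch(name) is not None


def demo():
    vuln, safe = fresh_db(), fresh_db()
    add_student_vulnerable(vuln, BOBBY)   # second statement drops the table
    add_student_safe(safe, BOBBY)         # stored as a (strange) name
    return {
        "vulnerable_table_survives": table_exists(vuln),
        "safe_table_survives": table_exists(safe),
        "safe_rows": [r[0] for r in safe.execute("SELECT name FROM Students")],
        "validation_rejects_bobby": not validate_name(BOBBY),
        "validation_accepts_obrien": validate_name("O'Brien"),
    }
```

Run `demo()` to compare the three outcomes; the safe path keeps the table and records the odd name, and the validator rejects it before it reaches the database.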


Jarret Rose

English Instructor turned Software Engineer.
