Injection, ranked A1 in the OWASP Top 10 for 2017, refers to flaws where untrusted data is sent to an interpreter as part of a command or query. Attackers can exploit this by injecting malicious input to access or modify data, execute system commands, or bypass security controls. Common examples include SQL, OS, and LDAP injection. These attacks are dangerous, often easy to exploit, and can lead to serious breaches. Preventing them requires using safe APIs, validating input, and avoiding direct inclusion of user input in queries or commands.
