This article is featured in the new DZone Guide to Web Development. Get your free copy for more insightful articles, industry statistics, and more!
Injection attacks are remarkably common. In fact, they’re the backbone of most exploits; after all, in order to compromise a system, an attacker needs to inject something into the system that executes. We see this same pattern in remote code execution exploits, SQL injection, cross-site scripting, request forgery attacks, and so on. Most modern development platforms support defenses against these kinds of techniques out of the box simply by setting a few configuration parameters. And, the vast majority of developers leave it at that without really understanding what those defenses do.