Season 2: Episode 2 - Injection, Evolved

The Labs team dives into the subject of injection—one of the most prevalent and successful attack techniques featured in the breach notifications. Injection techniques have been around for a long time, and constituted a major finding in the 2018 report, but they’re evolving to target different vulnerabilities because of the way that web applications are being built. As a result, a new injection technique known as formjacking has surpassed SQL injection as the most common manifestation. Ray and Sander discuss what this means for preventing, detecting, and defending against web application attacks in 2019 and onward, and make some predictions about the future of web app architecture.