Memory Injection
Memory injection vulnerabilities refer to a type of security flaw where an attacker can introduce (inject) malicious code into a running application’s process memory.
- Attackers often design the injected code to alter an application’s behavior to provide unauthorized access or control over the system
- These vulnerabilities often lead to severe security breaches
- Injected code generally runs with the same level of privileges as the compromised application
- Examples:
  - buffer overflow attacks
  - format string vulnerabilities
  - code injection attacks
- Typically mitigated with secure coding practices, such as:
  - input and output validation
  - encoding
  - type-casting
  - access controls
  - static and dynamic application testing
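
Added example, not part of the original notes: input validation applied in C to two of the cases listed above, buffer overflow and format string vulnerabilities. The helper names `copy_checked` and `format_safe` and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers, constructed for this example.
 * Unsafe patterns they replace (kept as comments, not compiled):
 *   strcpy(dst, src);   -- writes past dst when src is too long
 *   printf(user);       -- treats input as a format string
 */

/* Validate length before copying; reject instead of truncating. */
int copy_checked(char *dst, size_t dstsz, const char *src)
{
    size_t n = 0;
    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    while (n < dstsz && src[n] != '\0')   /* never scan past dstsz bytes */
        n++;
    if (n == dstsz) {                     /* no room for the terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);              /* n + 1 <= dstsz */
    return 0;
}

/* Pass input as an argument to a fixed format, so any '%' in it is data. */
int format_safe(char *out, size_t outsz, const char *user)
{
    int n;
    if (out == NULL || user == NULL || outsz == 0)
        return -1;
    n = snprintf(out, outsz, "user=%s", user);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    char name[8], line[32];
    /* Constructed sample inputs */
    printf("fits: %d\n", copy_checked(name, sizeof name, "alice"));
    printf("too long: %d\n", copy_checked(name, sizeof name, "a-much-longer-name"));
    if (format_safe(line, sizeof line, "%x%x%s") == 0)
        printf("%s\n", line);
    return 0;
}
```

Rejecting oversized input outright, rather than truncating it, keeps the validation decision visible to the caller.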