LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are the typical exploit techniques used by malware that target interfaces?

Five recurring ones: SQL injection, command injection, XSS, buffer overflows, and string overflows — and they're all the same trick, "data crossing a boundary and being treated as code".

What makes this list worth memorising isn't the names but the pattern behind them: each technique smuggles attacker-controlled input across a trust boundary and gets it interpreted as instructions (SQL, shell commands, HTML/JS, or raw memory) instead of inert data. Recognise the pattern and you can defend all five with the same instinct — validate and separate data from code at the boundary:

Technique overview:

Technique Target Attack Vector
SQL Injection Database queries User input in SQL
Command Injection OS commands User input in shell commands
XSS Web browsers Malicious scripts in web pages
Buffer Overflow Memory Input exceeding buffer size
String Overflow String handling Oversized string input

Common thread: All exploit improper input validation at interfaces — the attacker's data crosses a trust boundary and gets interpreted as code.

See: OWASP Top 10

Go deeper:

From Quiz: SPRG / Security Review | Updated: Jul 14, 2026