Quiz Entry - updated: 2026.07.05
What is the conceptual model of an injection attack?
Untrusted input reaches an interpreter that executes it as code instead of treating it as data.
* The injection model — untrusted input crosses a trust boundary into an interpreter, which executes it as code instead of treating it as data. *
An injection attack crosses a trust boundary — untrusted input reaches an interpreter and gets executed:
- Interface allows untrusted input into the system
- Untrusted input is forwarded to a subcomponent
- Interpreter or parser executes the unintended malicious code
The attack crosses a trust boundary where malicious code embedded in input reaches a component with a command interface and gets executed.
Go deeper:
OWASP Top 10 — A03: Injection — injection as untrusted data reaching an interpreter as code.
OWASP Injection Prevention Cheat Sheet — the full injection family and the general defense pattern.