Hey everyone, welcome to module 2. In the previous modules we talked about cross-site scripting attacks, which are a subset of injection attacks in general, where the attacker is getting their code to be executed by the user's browser by simply appending the code that was already written, and executing some potentially malicious JavaScript. In this module, we're going to continue talking about injection attacks.

By the end of this module, you'll be able to discuss and describe the three most common types of injection problems: SQL or Structured Query Language injections, cross-site scripting, and command injection. You will be able to work on exploiting a SQL injection vulnerability in the WebGoat application. You'll also be able to formulate plans to mitigate injection problems in your application.

Now, injection attacks, the way OWASP and WebGoat classify them, happen to be on the back end. That's why SQL injection or injection attacks in general are separated from cross-site scripting, and they each have their own categories. Injection attacks are very powerful. In this module, we're going to consider XML entity and SQL as our two types of injection attacks. We'll practice exploiting with the aim of finding and fixing vulnerabilities.

There are many types of injection attacks, but once you get the hang of one of them, you can kind of get the rest. We will target the two kinds of injection attacks, XML and SQL injection, because there are prebuilt lessons in WebGoat. We'll be working along those lessons. We have a lot to cover, so let's get started.