[MUSIC] Welcome back. In this set of lessons, we discuss how to handle input injections like cross-site scripting and SQL injections. And then explain the importance of examining inputs to your programs. Let's begin.

The goal of this section really is to show you what happens when you don't examine input. And I'm going to start off by dealing with web pages, simply because that's where a lot of these problems arise. We're going to start with cross-site scripting, which is a very common problem, move on to SQL injections and then on to operating system command injections.

In general, injections occur when there's extra data or instructions embedded in input. And the input is set up so that the input will be processed normally. But when it reaches the injected commands or data, that is processed in a way that the normal command, the normal input, is not. So the author of the program has an idea of how the data, how the input, should be interpreted. And the injection is interpreted in a different way.

The three most common of these I mentioned. They occur on the web, cross-site scripting and things like that. SQL injections, which almost always occur from the web but need not; they can occur on a local program. And the same with operating system commands. Those are usually done over the web, but they can also be done locally.