[MUSIC] You may have heard of the large Equifax breach in 2017, which exposed the data of roughly 140 million people. Attackers exploited a vulnerability in Apache Struts, CVE-2017-5638, which allows remote attackers to execute arbitrary commands by specially crafting user-controlled data in HTTP headers.

At the very least, it is fascinating to understand how attackers can exploit application vulnerabilities to perform malicious activities. But more importantly, understanding this helps those of us who create and maintain application code to protect the people who use our applications. We want to keep in mind the fundamental idea of attack surface, and the name of the game is to reduce that attack surface. We should also always be thinking about how our applications handle user-controlled data, so that we can put guards in place to minimize security issues.

By the end of this module, you will have a fundamental understanding of injection problems in web applications. You'll be able to discuss and describe the three most common types of injection problems: SQL injection, cross-site scripting, and command injection. To drive home these concepts, you'll work on exploiting a SQL injection vulnerability in the WebGoat application. You'll also be able to formulate plans to mitigate injection problems in your own applications. We have a lot to cover, so let's get started.