Fatal injection: A survey of modern code injection attack countermeasures

Dimitris Mitropoulos*, Diomidis Spinellis

*Corresponding author for this work

Research output: Contribution to journalReview articleScientificpeer-review

11 Citations (Scopus)


With a code injection attack (CIA) an attacker can introduce malicious code into a computer program or system that fails to properly encode data that comes from an untrusted source. A CIA can have different forms depending on the execution context of the application and the location of the programming flaw that leads to the attack. Currently, CIAs are considered one of the most damaging classes of application attacks since they can severely affect an organisation's infrastructure and cause financial and reputational damage to it. In this paper we examine and categorize the countermeasures developed to detect the various attack forms. In particular, we identify two distinct categories. The first incorporates static program analysis tools used to eliminate flaws that can lead to such attacks during the development of the system. The second involves the use of dynamic detection safeguards that prevent code injection attacks while the system is in production mode. Our analysis is based on nonfunctional characteristics that are considered critical when creating security mechanisms. Such characteristics involve usability, overhead, implementation dependencies, false positives and false negatives. Our categorization and analysis can help both researchers and practitioners either to develop novel approaches, or use the appropriate mechanisms according to their needs.

Original languageEnglish
Article numbere136
JournalPeerJ Computer Science
Issue number11
Publication statusPublished - 1 Jan 2017
Externally publishedYes


  • Application security
  • Code injection attacks
  • Countermeasures
  • Cross-site scripting
  • Dynamic prevention
  • Software vulnerabilities
  • Static analysis


Dive into the research topics of 'Fatal injection: A survey of modern code injection attack countermeasures'. Together they form a unique fingerprint.

Cite this