99 Injection

[Carmen Kalua]

Injection slides down to the third position. 94% of the applicationswere tested for some form of injection with a max incidence rate of 19%, an average incidence rate of 3%, and 274k occurrences. Notable Common Weakness Enumerations (CWEs) included areCWE-79: Cross-site Scripting, CWE-89: SQL Injection, and CWE-73:External Control of File Name or Path.

Some of the more common injections are SQL, NoSQL, OS command, ObjectRelational Mapping (ORM), LDAP, and Expression Language (EL) or ObjectGraph Navigation Library (OGNL) injection. The concept is identicalamong all interpreters. Source code review is the best method ofdetecting if applications are vulnerable to injections. Automatedtesting of all parameters, headers, URL, cookies, JSON, SOAP, and XMLdata inputs is strongly encouraged. Organizations can includestatic (SAST), dynamic (DAST), and interactive (IAST) application security testing tools into the CI/CDpipeline to identify introduced injection flaws before productiondeployment.

The preferred option is to use a safe API, which avoids using the interpreter entirely, provides a parameterized interface, or migrates to Object Relational Mapping Tools (ORMs).
Note: Even when parameterized, stored procedures can still introduce SQL injection if PL/SQL or T-SQL concatenates queries and data or executes hostile data with EXECUTE IMMEDIATE or exec().

For any residual dynamic queries, escape special characters using the specific escape syntax for that interpreter.
Note: SQL structures such as table names, column names, and so on cannot be escaped, and thus user-supplied structure names are dangerous. This is a common issue in report-writing software.

An injection (often and usually referred to as a "shot" in US English, a "jab" in UK English, or a "jag" in Scottish English and Scots) is the act of administering a liquid, especially a drug, into a person's body using a needle (usually a hypodermic needle) and a syringe.[1] An injection is considered a form of parenteral drug administration; it does not involve absorption in the digestive tract. This allows the medication to be absorbed more rapidly and avoid the first pass effect. There are many types of injection, which are generally named after the body tissue the injection is administered into. This includes common injections such as subcutaneous, intramuscular, and intravenous injections, as well as less common injections such as intraperitoneal, intraosseous, intracardiac, intraarticular, and intracavernous injections.

Injections are among the most common health care procedures, with at least 16 billion administered in developing and transitional countries each year.[2] Of these, 95% are used in curative care or as treatment for a condition, 3% are to provide immunizations/vaccinations, and the rest are used for other purposes, including blood transfusions.[2] The term injection is sometimes used synonymously with inoculation, but injection does not only refer to the act of inoculation. Injections generally administer a medication as a bolus (or one-time) dose, but can also be used for continuous drug administration.[3] After injection, a medication may be designed to be released slowly, called a depot injection, which can produce long-lasting effects.

An injection necessarily causes a small puncture wound to the body, and thus may cause localized pain or infection. The occurrence of these side effects varies based on injection location, the substance injected, needle gauge, procedure, and individual sensitivity. Rarely, more serious side effects including gangrene, sepsis, and nerve damage may occur. Fear of needles, also called needle phobia, is also common and may result in anxiety and fainting before, during, or after an injection. To prevent the localized pain that occurs with injections the injection site may be numbed or cooled before injection and the person receiving the injection may be distracted by a conversation or similar means. To reduce the risk of infection from injections, proper aseptic technique should be followed to clean the injection site before administration. If needles or syringes are reused between people, or if an accidental needlestick occurs, there is a risk of transmission of bloodborne diseases such as HIV and hepatitis.

Unsafe injection practices contribute to the spread of bloodborne diseases, especially in less-developed countries. To combat this, safety syringes exist which contain features to prevent accidental needlestick injury and reuse of the syringe after it is used once. Furthermore, recreational drug users who use injections to administer the drugs commonly share or reuse needles after an injection. This has led to the development of needle exchange programs and safe injection sites as a public health measure, which may provide new, sterile syringes and needles to discourage the reuse of syringes and needles. Used needles should ideally be placed in a purpose-made sharps container which is safe and resistant to puncture. Some locations provide free disposal programs for such containers for their citizens.

Injections are classified in multiple ways, including the type of tissue being injected into, the location in the body the injection is designed to produce effects, and the duration of the effects. Regardless of classification, injections require a puncture to be made, thus requiring sterile environments and procedures to minimize the risk of introducing pathogens into the body. All injections are considered forms of parenteral administration, which avoids the first pass metabolism which would potentially affect a medication absorbed through the gastrointestinal tract.

Many injections are designed to administer a medication which has an effect throughout the body. Systemic injections may be used when a person cannot take medicine by mouth, or when the medication itself would not be absorbed into circulation from the gastrointestinal tract. Medications administered via a systemic injection will enter into blood circulation, either directly or indirectly, and thus will have an effect on the entire body.

Intravenous injections, abbreviated as IV, involve inserting a needle into a vein, allowing a substance to be delivered directly into the bloodstream.[4] An intravenous injection provides the quickest onset of the desired effects because the substance immediately enters the blood, and is quickly circulated to the rest of the body.[5] Because the substance is administered directly into the bloodstream, there is no delay in the onset of effects due to the absorption of the substance into the bloodstream. This type of injection is the most common and is used frequently for administration of medications in an inpatient setting.

Another use for intravenous injections includes for the administration of nutrition to people who cannot get nutrition through the digestive tract. This is termed parenteral nutrition and may provide all or only part of a person's nutritional requirements. Parenteral nutrition may be pre-mixed or customized for a person's specific needs.[6] Intravenous injections may also be used for recreational drugs when a rapid onset of effects is desired.[7][8]

Intramuscular injections, abbreviated as IM, deliver a substance deep into a muscle, where they are quickly absorbed by the blood vessels into systemic circulation. Common injection sites include the deltoid, vastus lateralis, and ventrogluteal muscles.[9] Medical professionals are trained to give IM injections, but people who are not medical professionals can also be trained to administer medications like epinephrine using an autoinjector in an emergency.[10] Some depot injections are also administered intramuscularly, including medroxyprogesterone acetate among others.[11] In addition to medications, most inactivated vaccines, including the influenza vaccine, are given as an IM injection.[12]

Subcutaneous injections, abbreviated as SC or sub-Q, consist of injecting a substance via a needle under the skin.[13] Absorption of the medicine from this tissue is slower than in an intramuscular injection. Since the needle does not need to penetrate to the level of the muscle, a thinner and shorter needle can be used. Subcutaneous injections may be administered in the fatty tissue behind the upper arm, in the abdomen, or in the thigh. Certain medications, including epinephrine, may be used either intramuscularly or subcutaneously.[14] Others, such as insulin, are almost exclusively injected subcutaneously. Live or attenuated vaccines, including the MMR vaccine (measles, mumps, rubella), varicella vaccine (chickenpox), and zoster vaccine (shingles) are also injected subcutaneously.[15]

Intradermal injections, abbreviated as ID, consist of a substance delivered into the dermis, the layer of skin above the subcutaneous fat layer, but below the epidermis or top layer. An intradermal injection is administered with the needle placed almost flat against the skin, at a 5 to 15 degree angle.[16] Absorption from an intradermal injection takes longer than when the injection is given intravenously, intramuscularly, or subcutaneously. For this reason, few medications are administered intradermally. Intradermal injections are most commonly used for sensitivity tests, including tuberculin skin tests and allergy tests, as well as sensitivity tests to medications a person has never had before. The reactions caused by tests which use intradermal injection are more easily seen due to the location of the injection, and when positive will present as a red or swollen area. Common sites of intradermal injections include the forearm and lower back.[16]

An intraosseous injection or infusion is the act of administering medication through a needle inserted into the bone marrow of a large bone. This method of administration is only used when it is not possible to maintain access through a less invasive method such as an intravenous line, either due to frequent loss of access due to a collapsed vessel, or due to the difficulty of finding a suitable vein to use in the first place.[17] Intraosseous access is commonly obtained by inserting a needle into the bone marrow of the humerus or tibia, and is generally only considered once multiple attempts at intravenous access have failed, as it is a more invasive method of administration than an IV.[17] With the exception of occasional differences in the accuracy of blood tests when drawn from an intraosseous line, it is considered to be equivalent in efficacy to IV access. It is most commonly used in emergency situations where there is not ample time to repeatedly attempt to obtain IV access, or in younger people for whom obtaining IV access is more difficult.[17][18]

c80f0f1006