This type of attack is highly prevalent on the web. A SQL injection occurs when an attacker supplies crafted input through the front end (for example, POST data) so that it becomes part of a database query and retrieves data that should stay protected. According to the CodeIgniter manual, the web application is safe from SQL injection when POST data is retrieved in the controller with $this->input->post() and passed to the database through the Active Record class, which escapes the values automatically. This excerpt from the CodeIgniter User Manual confirms the point: “Beyond simplicity, a major benefit to using the Active Record features is that it allows you to create database independent applications, since the query syntax is generated by each database adapter. It also allows for safer queries, since the values are escaped automatically by the system.”
An XSS or Cross Site Scripting attack is unarguably one of the most common causes of web application compromise. In an XSS attack the attacker crafts a malicious URL (or other input) so that script of their choosing runs in a victim's browser, undermining the security of the application. CodeIgniter has a built-in XSS filter which is initialised automatically. To double-check the protection against XSS attacks, a Firefox add-on called XSS Me (download here) was used to test the sample application against 96 different types of attack. The results are shown in the image below: none of the form input fields were found to reflect input unencoded, which means the XSS filter within CodeIgniter did its job.
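The two points above, as an added example that is not code from the original article: a CodeIgniter 3 controller that contrasts an injectable hand-built query with the Active Record / Query Builder and query-binding forms the manual excerpt refers to, and shows where the XSS filter is applied on input and why output should still be escaped. The users table, the form field names and the view name are assumptions made for this example; the CodeIgniter calls ($this->input->post() with its second argument, $this->db->where(), $this->db->query() with bindings, $this->db->escape(), html_escape()) are the framework's own.

```php
<?php
// Added example (not from the original article). Assumes a `users` table with
// `username` and `password_hash` columns, a POST form with `username`,
// `password` and `comment` fields, and a view called `comment_view`.
class Account extends CI_Controller
{
    // The insecure form: input->post() does NOT escape for SQL. The value is
    // concatenated into the SQL text, so a quote character inside it changes
    // the meaning of the statement. Kept only to show what NOT to do.
    public function login_unsafe()
    {
        $username = $this->input->post('username');
        $sql = "SELECT * FROM users WHERE username = '" . $username . "'";
        $row = $this->db->query($sql)->row();
        return $row;
    }

    // The safe form: the Query Builder escapes the value before it reaches the
    // database. This is the automatic escaping the manual excerpt describes.
    public function login()
    {
        $username = $this->input->post('username');
        $password = $this->input->post('password');

        $row = $this->db->where('username', $username)->get('users')->row();

        // Equivalent with a raw statement: use query bindings (?) and let the
        // driver escape, never string concatenation.
        $row = $this->db->query(
            'SELECT * FROM users WHERE username = ?',
            array($username)
        )->row();

        // If SQL really must be assembled by hand, escape() quotes and escapes
        // the value for the active database driver.
        $safe_username = $this->db->escape($username);

        // Never put the password itself in the query; compare against the hash.
        if ($row !== NULL && password_verify($password, $row->password_hash)) {
            $this->session->set_userdata('user_id', $row->id);
            redirect('account/profile');
        }
        $this->load->view('login_view', array('error' => 'Login failed'));
    }

    // XSS: the second argument TRUE runs xss_clean() on this one value. The same
    // filter runs on every input when application/config/config.php sets
    // $config['global_xss_filtering'] = TRUE (the setting the article relies on).
    public function comment()
    {
        $comment = $this->input->post('comment', TRUE);

        // Input filtering is a backstop. The dependable defence is escaping at
        // output time, so the view receives an already HTML-encoded string.
        $data['comment'] = html_escape($comment);
        $this->load->view('comment_view', $data);
    }
}
```

The login_unsafe() method is the pattern the filter on $this->input->post() does nothing about: XSS filtering changes HTML, not SQL quoting. Only the Query Builder, query bindings or $this->db->escape() give the escaping the manual excerpt promises.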
3. Remote Code Execution:
This ensures that the application's PHP files cannot be accessed directly by requesting their URL, which would otherwise let an attacker manipulate or run a script outside the front controller and compromise the system.
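The mechanism behind this point, as an added example that is not from the original article: the guard CodeIgniter places at the top of every application file. BASEPATH is defined only by the front controller (index.php), so a request that reaches a model, controller or view file directly finds the constant undefined and the script exits before any code below the guard runs. The model name, table and column are assumptions for this example; the guard line itself is the one CodeIgniter 3 ships in its own files.

```php
<?php
// Added example (not from the original article). Assumes this file lives at
// application/models/User_model.php and that a `users` table exists.

// Direct-access guard: index.php defines BASEPATH before loading any other
// file. A browser requesting this file's URL directly skips index.php, so the
// constant is undefined and execution stops here with the message.
defined('BASEPATH') OR exit('No direct script access allowed');

class User_model extends CI_Model
{
    // Query Builder escapes $username, so this stays safe even when called
    // with raw POST data.
    public function find_by_username($username)
    {
        return $this->db->where('username', $username)->get('users')->row();
    }
}
```

CodeIgniter 2 used the older spelling of the same guard, if ( ! defined('BASEPATH')) exit('No direct script access allowed');. As defence in depth, the application/ directory CodeIgniter ships also contains an .htaccess with Deny from all, so on Apache the web server refuses the request before PHP is even invoked; the guard still matters on servers that ignore .htaccess.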