Computer Hacking Forensic Investigator (CHFI) Practice Exam 2026 - Free CHFI Practice Questions and Comprehensive Study Guide

Question: 1 / 400

What type of injection flaw involves inserting malicious code through a web application?

SQL Injection

The type of injection flaw that involves inserting malicious code through a web application is SQL Injection. This occurs when an attacker is able to manipulate the SQL queries that an application sends to its database, often by sending unsanitized inputs that include SQL code. This allows the attacker to execute arbitrary SQL commands, which can lead to unauthorized access to database information, alteration of data, or even deletion of data. SQL Injection exploits vulnerabilities found in the input validation of a web application, making it one of the most common types of web-based attacks.

In contrast, password brute force refers to a technique where an attacker tries multiple combinations of passwords to gain access to an account, rather than injecting code into a system. Nmap scanning is a method used to discover hosts and services on a network, which does not involve code injection. Footprinting is the process of gathering information about a target, which can also be seen as reconnaissance rather than an attack that directly exploits code or applications. Therefore, SQL Injection distinctly pertains to the malicious manipulation of SQL commands through a vulnerable web application.


Password brute force

Nmap Scanning

Footprinting
