Editing Chapter 6: Edge Security and Privacy (section)

==='''Malware Injection'''===

''Malware Injection'' is when an attacker injects malicious code, or ''malware'', into edge devices or servers and is classified as either  device-side or server-side injections. 

''Device-side injection'' is when an attacker injects the malware directly into IoT devices since IoT devices are highly heterogeneous, so an attacker can physically inject or use third-party malicious libraries that are powerful and less likely to get detected.

''Server-side injections'' are separated into four types: SQL, XSS, CSRF and SSRF, and XML. 

*''SQL injection'' is a code injection technique that attackers can use in order to destroy back-end databases by using the SQL query and escape sequences to trick the server into thinking the code is valid.

*''XSS injection'' is a client-side attack in which an attacker injects malicious code into data content, which can be accessed and executed automatically by the servers. 

*''CSRF injection'' is an attack in which an end user is forced to execute unwanted actions through Web applications and ''SSRF injection'' is an attack in which Edge servers are abused to read or alter the internal resources. 

*''XML injection'' is an attack which an attacker intercepts an XML message and edits with malicious code so that it is sent to the Edge servers using ''Simple Object Access Protocol'' (SOAP).

[[File: SQLinjectionattack.png|300px]]