In the early days of the Internet, one of the most common attack methods was basic, simple brute force. Bots usually performed these attacks –or persons with plenty of time off– who tried zillions of combinations of usernames and passwords until they found one that would grant access to the target application.
Brute force attacks are no longer a threat, thanks to password policies, limited login attempts, and captchas. But cybercriminals love to discover new exploits and to use them to perform new types of attacks. Long ago, they discovered that text fields on applications or web pages could be exploited by entering –or injecting– unexpected text into them that would force the application to do something it was not supposed to do. In that way, the so-called injection attacks entered the scene.