Glossary

Injection

Injection is an attack class in which an attacker supplies malicious input through an application's input fields so that it is interpreted as code or commands rather than as data. The best-known variant is SQL injection, in which manipulated input changes the database query that gets executed. Other forms include command injection, LDAP injection, and XPath injection. Injection vulnerabilities have been part of the OWASP Top 10 for years. The most effective countermeasure is using prepared statements or parameterized queries, which keep user input separate from the query text. Input validation provides an additional defense-in-depth layer. Your ISMS secure development policy should name injection as a risk and mandate code reviews and automated SAST scans.