A type of security attack performed by inserting malicious code at an interface into an application to exploit poor handling of untrusted data.