Which code injection technique launches malicious statements via input fields?

The correct answer is SQL injection (SQLi) because it specifically refers to a code injection technique that exploits vulnerabilities in an application by inserting or "injecting" malicious SQL statements through input fields. This allows attackers to manipulate database queries, potentially leading to unauthorized access to sensitive data, data manipulation, or even complete control over the database.

SQL injection occurs when user input is not properly sanitized or validated, enabling attackers to craft inputs that interfere with the execution of SQL commands. For example, if an application includes a login form where a user submits a username and password, an attacker might input a crafted SQL statement instead of a valid username. If the application processes this input incorrectly, it may execute these malicious commands, resulting in unauthorized access or exposure of sensitive data stored in the database.

In contrast, the other choices refer to different types of cyber threats. DDoS (Distributed Denial of Service) attacks overwhelm a network or service with traffic, aiming to make it unavailable to users, rather than directly manipulating data through input fields. Brute-force attacks involve systematically guessing passwords to gain access rather than exploiting code vulnerabilities. SSRF (Server-Side Request Forgery) involves tricking a server into making requests on behalf of an attacker, which does not