Which of the following is a code injection technique that launches malicious statements via input fields?

Prepare for the Cisco CyberOps Associate Exam with tailored flashcards and multiple-choice questions. Each question offers hints and explanations to boost your understanding. Start studying today and get exam-ready!

The correct answer is SQLi, which stands for SQL injection. This technique involves the insertion of malicious SQL statements into an entry field for execution by the database. SQLi exploits vulnerabilities in an application's software, often due to inadequate input validation and sanitization. When an application incorporates user input into a query without proper filtering, attackers can manipulate the input to execute unauthorized commands.

For instance, if a web application passes user-supplied data directly into a SQL query, an attacker could enter SQL code that changes the behavior of the query. This might allow them to read sensitive data from the database, modify or delete data, or even gain administrative rights over the database. SQL injection attacks can lead to severe consequences, including data breaches and loss of confidentiality, integrity, and availability of data.

The other techniques listed do not fall under the category of code injection via input fields. A DDoS attack aims to overwhelm a service with traffic, brute-force attacks try to gain access by guessing passwords, and SSRF (Server-Side Request Forgery) tricks a server into making requests to internal resources. Each of these techniques works through a different mechanism and has a different focus, which highlights the specific nature and impact of SQL injection in application security.
