Code injection
Code injection is a more sophisticated type of attack, in which malicious code is inserted through an open form on the site or through a URL. The goal of the attack is to make the database or another part of the site perform operations that have no visible result but occupy the server's resources until they flood it with activity, thus shutting it down. In some cases, the site becomes unusable after these attacks, so the content is restored from the last saved copy. Regular backup of the site is rightly considered an elementary security procedure.
Cross-site scripting (XSS) is an attack carried out through vulnerable web applications that compromises regular users' interaction with the website. The attacker prepares malicious JavaScript code, which is then served to the user interacting with the website in place of the regular response. If successful, the attacker can, for example, gain access to the user's confidential information, such as login credentials, or potentially take control of the website if the targeted user has administrative access.
SQL injection is an attack based on interfering with the queries that users can make to a website's database (SQL is a widespread programming language for databases) in order to gain access to information stored in the database, including information that is not intended to be accessible through standard user queries, such as users' personal data, login credentials and so on. The attacker targets the database with specific commands to disrupt its regular operation and gain access to stored data, which can then potentially be modified or deleted. In some cases, SQL injection can also be escalated to attack the server hosting the database.