LDAP Injection: Are Your Web Applications Vulnerable?

Cyber Chief Magazine brings you the tactics to uncover and neutralize the insider threat

Lightweight Directory Access Protocol (LDAP) is a widely used protocol for accessing information directories. LDAP injection is the technique of exploiting web applications that use client-supplied data in LDAP statements without first stripping potentially harmful characters from the request. The objective of this paper is to inform developers, system administrators and security professionals about various techniques that can be used to attack their applications. It also describes preventive measures for protecting applications from these intrusions.

Download the paper in PDF format here.