Thursday, December 14, 2017

Word of the Day: LDAP injection

Word of the Day WhatIs.com
Daily updates on the latest technology terms | December 14, 2017
LDAP injection

LDAP injection is a type of security exploit used to compromise the authentication process of some websites. Websites that construct Lightweight Directory Access Protocol (LDAP) statements from data provided by users, without validating or escaping that data, are vulnerable to this type of attack.

LDAP directories store information, known as objects, for people, servers, printers and roles. If the directory is used for website authentication, an attacker can enter input containing LDAP filter metacharacters into a form field, alter the query the site builds from it, gain unauthorized access to the directory and view or change usernames and passwords.

LDAP injection works in much the same manner as SQL injection, a type of security exploit in which the attacker adds SQL (Structured Query Language) code to a Web form. Both types of attacks primarily occur because of missing or weak input validation: the application neither rejects malformed input nor strips or escapes the query language's control characters (in this case, LDAP filter metacharacters) before including untrusted user input in a query.

According to security experts, the main reason that LDAP injection and similar exploits work is that security is not sufficiently emphasized during the application development process. To protect the integrity of websites that use forms, experts recommend implementing a sanitization process that controls the types and number of characters an input box will accept, as well as using multi-factor authentication (MFA) for public-facing web applications.
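As an added example (not part of the WhatIs.com definition), the concatenation pattern described above is shown beside a hardened version in Python: assertion values are escaped per RFC 4515, the identifier is checked against an allowlist, and a structural check flags a filter whose parenthesis count no longer matches the template. The `uid` and `objectClass=person` attribute names, the username policy and the sample input are assumptions constructed for the example.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside an assertion
# value so the directory server treats them as literal text, not filter syntax.
_RFC4515_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Allowlist for the login identifier (assumed policy: letters, digits, . _ -, 1-64 chars).
_USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")

# Number of unescaped parentheses the lookup-filter template below produces.
TEMPLATE_PARENS = 3


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied assertion value per RFC 4515."""
    return "".join(_RFC4515_ESCAPES.get(ch, ch) for ch in value)


def build_lookup_filter_unsafe(username: str) -> str:
    """Vulnerable pattern from the text: raw input concatenated into the filter."""
    return f"(&(objectClass=person)(uid={username}))"


def build_lookup_filter_safe(username: str) -> str:
    """Hardened: reject identifiers outside policy, then escape what remains."""
    if not _USERNAME_RE.fullmatch(username):
        raise ValueError("username outside the allowed character set or length")
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


def count_unescaped(filt: str, ch: str) -> int:
    """Count occurrences of ch that are not part of a \\XX escape sequence."""
    count, i = 0, 0
    while i < len(filt):
        if filt[i] == "\\":
            i += 3  # skip the backslash and its two hex digits
            continue
        if filt[i] == ch:
            count += 1
        i += 1
    return count


def structure_intact(filt: str, expected_parens: int = TEMPLATE_PARENS) -> bool:
    """Detection check: a filter whose parenthesis count differs from the
    template's has had filter syntax injected into it."""
    return (count_unescaped(filt, "(") == expected_parens
            and count_unescaped(filt, ")") == expected_parens)


if __name__ == "__main__":
    hostile = "alice)(uid=*"  # constructed sample carrying filter metacharacters
    print(build_lookup_filter_unsafe(hostile), structure_intact(build_lookup_filter_unsafe(hostile)))
    print(escape_filter_value(hostile))
```

The structural check is a second line of defence for logging or alerting: a correctly escaped value can never change the template's parenthesis count, so a mismatch indicates that raw input reached the filter.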

Quote of the Day

"An LDAP injection attack, especially a blind one, aims to abuse the authentication process of passing credentials to controllers, as an LDAP server stores the username and password of the users in a database." - Matthew Pascucci


Trending Terms

LDAP
X.500
SQL injection
SQL
multi-factor authentication
directory

Learning Center

LDAP injection: How can it be exploited in an attack?
Expert Matt Pascucci explains what an LDAP injection is and how it was hiding in the Joomla system for eight years. Learn what this means for affected sites.

Readers' top picks for application security tools
The top companies and application security tools that organizations consider when they seek to reduce their application vulnerabilities.

Application security: Testing for injection vulnerabilities
A top security vulnerability in Web applications is an injection attack. In this tip, security expert John Overbaugh teaches security testers some key techniques on how to effectively test for injection vulnerabilities.

How can new template injection vulnerabilities be stopped?
Researchers have discovered a new server-side template injection attack. Here's how enterprises can address these injection vulnerabilities.

Securing SQL Server: Protecting Your Database from Attackers
In this excerpt from chapter nine of Securing SQL Server, author Denny Cherry discusses why SQL injection attacks are so successful.

Writing for Business

As online security attacks increase, corporations are less ______ to allocating budget for security.
a. averse
b. adverse
Answer


Stay In Touch
For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com


Visit the Word of the Day Archives and catch up on what you've missed!


About This E-Newsletter
This e-newsletter is published by the TechTarget network. To unsubscribe from Whatis.com, click here. Please note, this will not affect any other subscriptions you have signed up for.

TechTarget, Whatis, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com

Copyright 2016 TechTarget. All rights reserved.
