Everybody knows about SQL injections. They’re like a celebrity in the world of software security. But there are many other types of injection attacks, which may feel jealous of the popularity of SQL injections. That’s not fair. Let’s try to fill the gap and talk about LDAP injections.

What is LDAP?

LDAP stands for Lightweight Directory Access Protocol. It’s a binary client-server protocol that lets clients access directory services. LDAP normally runs over TCP/IP, but it’s much better to also use TLS. LDAP is defined in RFC 2251.