Malicious code injection: It's not just about SQL anymore

October 20, 2006

[From security.itworld.com]

The good news: Developers are becoming increasingly aware of the threat posed by SQL injection attacks and the pitfalls of leaving pre vulnerable to such attacks. The bad news: there are other types of pre injection attack, including LDAP injection and XPath injection, that can be just as dangerous to your applications and your data. While these may not be as well-known to developers as SQL injection, they are already in the hands of hackers, and they should be of concern. To make matters worse, much of the common wisdom concerning remediation of malicious pre injection attacks is inadequate or inaccurate.

The article continues at http://security.itworld.com/4340/061019injection/page_1.html