LDAP Vulnerability Detection in Web Applications

Lightweight Directory Access Protocol (LDAP) is commonly used in web applications to provide lookup information and enforcing authentication. Web applications may suffer from LDAP injection vulnerabilities that can lead to security breaches such as login bypass and privilege escalation. This paper1 proposes OCL fault injection-based detection of LDAP injection attacks. The authors extract design-level information and constraints expressed in OCL and then randomly alter them to generate test cases that have the capability to uncover LDAP injection vulnerabilities. The authors proposed approaches to implement test case generation, and they used one open source PHP application and one custom application to evaluate the proposed approach. The analysis shows that this approach can detect LDAP injection vulnerabilities.

MoreLess

Year of publication:	2017
Authors:	Shahriar, Hossain ; Haddad, Hisham ; Bulusu, Pranahita
Published in:	International Journal of Secure Software Engineering (IJSSE). - IGI Global, ISSN 1947-3044, ZDB-ID 2703749-6. - Vol. 8.2017, 4 (01.10.), p. 31-50
Publisher:	IGI Global
Subject:	Fault Injection \| LDAP \| LDAP Query Injection \| Object Constraint Language (OCL)

Online Resource

Check full text access |

More access options

doi.org

Check Google Scholar

In libraries world-wide (WorldCat)

In German libraries (KVK)

subito order

I need help

More details

Type of publication:	Article
Language:	English
Other identifiers:	10.4018/IJSSE.2017100102 [DOI]
Source:	Other ZBW resources

Persistent link: https://www.econbiz.de/10012048090