LDAP Vulnerability Detection in Web Applications

International journal of secure software engineering Pub Date : 2017-10-01 DOI:10.4018/IJSSE.2017100102

H. Shahriar, Hisham M. Haddad, Pranahita Bulusu

{"title":"LDAP Vulnerability Detection in Web Applications","authors":"H. Shahriar, Hisham M. Haddad, Pranahita Bulusu","doi":"10.4018/IJSSE.2017100102","DOIUrl":null,"url":null,"abstract":"LightweightDirectoryAccessProtocol(LDAP)iscommonlyusedinwebapplicationstoprovide lookupinformationandenforcingauthentication.WebapplicationsmaysufferfromLDAPinjection vulnerabilitiesthatcanleadtosecuritybreachessuchasloginbypassandprivilegeescalation.This paper1proposesOCLfaultinjection-baseddetectionofLDAPinjectionattacks.Theauthorsextract design-levelinformationandconstraintsexpressedinOCLandthenrandomlyalterthemtogenerate testcasesthathavethecapabilitytouncoverLDAPinjectionvulnerabilities.Theauthorsproposed approachestoimplementtestcasegeneration,andtheyusedoneopensourcePHPapplicationand onecustomapplicationtoevaluatetheproposedapproach.Theanalysisshowsthatthisapproachcan detectLDAPinjectionvulnerabilities. KEyWoRDS Fault Injection, LDAP, LDAP Query Injection, Object Constraint Language (OCL)","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"6 1","pages":"31-50"},"PeriodicalIF":0.0000,"publicationDate":"2017-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International journal of secure software engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/IJSSE.2017100102","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

LightweightDirectoryAccessProtocol(LDAP)iscommonlyusedinwebapplicationstoprovide lookupinformationandenforcingauthentication.WebapplicationsmaysufferfromLDAPinjection vulnerabilitiesthatcanleadtosecuritybreachessuchasloginbypassandprivilegeescalation.This paper1proposesOCLfaultinjection-baseddetectionofLDAPinjectionattacks.Theauthorsextract design-levelinformationandconstraintsexpressedinOCLandthenrandomlyalterthemtogenerate testcasesthathavethecapabilitytouncoverLDAPinjectionvulnerabilities.Theauthorsproposed approachestoimplementtestcasegeneration,andtheyusedoneopensourcePHPapplicationand onecustomapplicationtoevaluatetheproposedapproach.Theanalysisshowsthatthisapproachcan detectLDAPinjectionvulnerabilities. KEyWoRDS Fault Injection, LDAP, LDAP Query Injection, Object Constraint Language (OCL)

查看原文本刊更多论文

Web应用中的LDAP漏洞检测

LightweightDirectoryAccessProtocol(LDAP)iscommonlyusedinwebapplicationstoprovide lookupinformationandenforcingauthentication。WebapplicationsmaysufferfromLDAPinjection vulnerabilitiesthatcanleadtosecuritybreachessuchasloginbypassandprivilegeescalation。This paper1proposesOCLfaultinjection-baseddetectionofLDAPinjectionattacks。Theauthorsextract design-levelinformationandconstraintsexpressedinOCLandthenrandomlyalterthemtogenerate testcasesthathavethecapabilitytouncoverLDAPinjectionvulnerabilities。Theauthorsproposed approachestoimplementtestcasegeneration，andtheyusedoneopensourcePHPapplicationand onecustomapplicationtoevaluatetheproposedapproach。Theanalysisshowsthatthisapproachcan detectLDAPinjectionvulnerabilities。关键词故障注入，LDAP，查询注入，对象约束语言(OCL)

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International journal of secure software engineering

自引率

0.00%

发文量