
OCL Fault Injection-Based Detection & Prevention of LDAP Query Injection Vulnerabilities

Anjumol T Many, Ushus Maria Joseph

Abstract


Security of web applications is a prime concern today. The Lightweight Directory Access Protocol (LDAP) is used in web applications to enforce authentication. Such applications may suffer from LDAP injection vulnerabilities, which lead to security breaches such as login bypass and privilege escalation; the root cause is poor implementation of the LDAP-backed application. Here we propose a technique, OCL fault injection-based detection and prevention of LDAP injection vulnerabilities: design-level information and constraints expressed in OCL are extracted, and randomly altered test cases are generated from them; these test cases are able to uncover LDAP injection vulnerabilities. We propose an algorithm that alters the constraints and generates test cases that produce dissimilar results under the original and the altered constraints.
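As an added illustration (not the paper's own algorithm or code), the following constructed Python sketch shows the approach the abstract describes: an OCL-style precondition on the login input is mutated, the inputs on which the original and mutated constraints disagree become test cases, and a structural oracle on the resulting LDAP filter separates a filter builder that concatenates input from one that escapes it per RFC 4515. The constraint, the candidate inputs and both builder functions are hypothetical assumptions made for this example.

```python
import re

# Constructed OCL-style precondition for the login operation (hypothetical model,
# not taken from the paper):  context Login::authenticate(user : String)
#                             pre: user.matches('[A-Za-z0-9._-]+')
ORIGINAL_PRE = re.compile(r"^[A-Za-z0-9._-]+$")
# Fault-injected mutant: the precondition is weakened to admit any string, so the
# inputs the mutant accepts but the original rejects become the test cases.
MUTANT_PRE = re.compile(r"^.*$", re.S)

# Constructed candidate inputs; the first two satisfy the original constraint.
CANDIDATES = ["alice", "bob.smith", "al*ce", "x)(objectClass=*"]

def generate_test_cases(candidates):
    """Keep inputs on which the original and mutated constraints disagree."""
    return [c for c in candidates
            if bool(ORIGINAL_PRE.match(c)) != bool(MUTANT_PRE.match(c))]

def escape_ldap_value(value):
    """RFC 4515 escaping of a filter assertion value (the defensive fix)."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)

def build_filter_unsafe(user):
    # Hypothetical vulnerable builder: the input is concatenated into the filter.
    return "(&(objectClass=person)(uid=%s))" % user

def build_filter_safe(user):
    # Hypothetical hardened builder: the input is escaped before insertion.
    return "(&(objectClass=person)(uid=%s))" % escape_ldap_value(user)

ASSERTION = re.compile(r"\(([A-Za-z][\w;-]*)=([^()]*)\)")

def filter_shape(ldap_filter):
    """Structural fingerprint: (number of assertions, any unescaped wildcard)."""
    pairs = ASSERTION.findall(ldap_filter)
    return (len(pairs), any("*" in v for _, v in pairs))

def is_vulnerable(builder, candidates=CANDIDATES):
    """Oracle: a mutant-only test case whose filter shape differs from the shape
    produced by constraint-satisfying inputs reveals an LDAP injection flaw."""
    expected = {filter_shape(builder(c)) for c in candidates if ORIGINAL_PRE.match(c)}
    return any(filter_shape(builder(t)) not in expected
               for t in generate_test_cases(candidates))
```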

Cite this Article

Many Anjumol T, Ushus Maria Joseph. OCL Fault Injection-Based Detection and Prevention of LDAP Query Injection Vulnerabilities. Journal of Network Security. 2018; 6(3): 5–8p.


Keywords


Lightweight Directory Access Protocol (LDAP), Object Constraint Language (OCL)






Copyright (c) 2019 Journal of Network Security

  • eISSN: 2395–6739
  • ISSN: 2321–8517