OCL Fault Injection-Based Detection & Prevention of LDAP Query Injection Vulnerabilities
Keywords:
Lightweight Directory Access Protocol (LDAP), Object Constrained Language (OCL)Abstract
Security for web application is a prime concern today. Lightweight Directory Access Protocol (LDAP) is used in web applications for enforcing authentication. It may suffer from LDAP injection vulnerabilities and that leads to some security breaches such as login bypass and privilege escalation. This is because of poor implementation of LDAP applications. Here we propose a technique, OCL fault injection-based detection and prevention of LDAP injection vulnerabilities. Here the design level information and constraints that are expressed in OCL are extracted and then randomly altered test cases are generated; they have the capability to uncover LDAP injection vulnerabilities. We propose an algorithm to alter constraints and generate appropriate test cases that produce dissimilar results between original and altered constraints.
Cite this Article
Many Anjumol T, Ushus Maria Joseph. OCL Fault Injection-Based Detection and Prevention of LDAP Query Injection Vulnerabilities. Journal of Network Security. 2018; 6(3): 5–8p.
References
Zheng Y, Zhang X. Path Sensitive Static Analysis of Web Applications for Remote Code Execution Vulnerability Detection. Proc of IEEE ICSE, San Francisco, CA, USA. 2013; 652–661p.
Almorsy M, Grundy J, Ibrahim A. Supporting Automated Vulnerability Analysis Using Formalized Vulnerability Signatures. Proc of the ACM ASE, Essen, Germany. 2012; 100–109p.
Fonseca J, Vieira M, Madeira H. Testing and Comparing Web Vulnerability Scanning Tools for SQL Injection and XSS Attacks. Proc of 13th PRDC, Australia. Dec 2007; 365–372p.
Hafiz M, Johnson RE. Improving Perimeter Security with Security-oriented Program Transformations. Proc of the Software Engineering for Secure Systems, Vancouver, Canada. 2009; 61–67p.
Fouque P, Leresteux D, Valette F. Using Faults for Buffer Overflow Effects. Proc of ACM Symposium of Applied Computing, Riva Del Grada, Italy. Mar 2012; 1638–1639p.
Grela D, Sapiecha K, Strug J. A Fault Injection Based Approach to Assessment of Quality of Test Sets for BPEL Processes. Proceedings of the International Conference on Evaluation of Novel Approaches of Software Engineering (ENASE), France .Jul 2015; 81–93p.
Introduction to Lightweight Directory Access Protocol (LDAP). Article ID: 196455, http://support.microsoft.com/kb/196455.
Aichernig BK, Pari Salas PA. Test Case Generation by OCL Mutation and Constraint Solving. Proc of 5th IEEE International Conference on Quality Software (QSIC).2005.
Fouque P, Leresteux D, Valette F. Using Faults for Buffer Overflow Effects. Proc of ACM Symposium of Applied Computing, Riva Del Grada, Italy. Mar 2012; 1638–1639p.
Grela D, Sapiecha K, Strug J. A Fault Injection Based Approach to Assessment of Quality of Test Sets for BPEL Processes. Proceedings of the International Conference on Evaluation of Novel Approaches of Software Engineering (ENASE), France. Jul 2015; 81–93p.
Downloads
Published
Issue
Section
License
Declaration and Copyright Transfer Form
(to be completed by authors)
I/ We, the undersigned author(s) of the submitted manuscript, hereby declare, that the above manuscript which is submitted for publication in the STM Journals(s), is not published already in part or whole (except in the form of abstract) in any journal or magazine for private or public circulation, and, is not under consideration of publication elsewhere.
- I/We will not withdraw the manuscript after 1 week of submission as I have read the Author Guidelines and will adhere to the guidelines.
- I/We Author(s ) have niether given nor will give this manuscript elsewhere for publishing after submitting in STM Journal(s).
- I/ We have read the original version of the manuscript and am/ are responsible for the thought contents embodied in it. The work dealt in the manuscript is my/ our own, and my/ our individual contribution to this work is significant enough to qualify for authorship.
- I/We also agree to the authorship of the article in the following order:
Author’s name
1. ________________
2. ________________
3. ________________
4. ________________
| We Author(s) tick this box and would request you to consider it as our signature as we agree to the terms of this Copyright Notice, which will apply to this submission if and when it is published by this journal. |