Title :
Classification of Lightweight Directory Access Protocol query injection attacks and mitigation techniques
Author :
Bulusu, Pranahita ; Shahriar, Hossain ; Haddad, Hisham M.
Author_Institution :
Dept. of Comput. Sci., Kennesaw State Univ., Kennesaw, GA, USA
Abstract :
The Lightweight Directory Access Protocol (LDAP) is used in a large number of web applications, and therefore, different types of LDAP injection attacks are becoming common. These injection attacks take advantage of an application not validating inputs before they are used as part of LDAP queries. An attacker can provide inputs that may result in the alteration of the intended LDAP query structure. The attacks can lead to various types of security breaches including Login Bypassing, Information Disclosure, Privilege Escalation, and Information Alteration. Despite many research efforts to prevent LDAP injection attacks, many web applications remain vulnerable to such attacks. In particular, there has been little attention given to implementing and testing secure web applications that can mitigate LDAP query injection attacks. More attention has been given to preventing Structured Query Language (SQL) injection attacks, but these mitigation techniques cannot be directly applied in order to prevent LDAP injection attacks. This work provides analysis and classification of various types of LDAP injection attacks and mitigation techniques used to prevent them, and it highlights the differences between SQL and LDAP injection attacks.
Keywords :
SQL; cryptographic protocols; pattern classification; query processing; LDAP injection attacks; LDAP query injection attacks; LDAP query structure; SQL injection attacks; information alteration; information disclosure; lightweight directory access protocol mitigation techniques; lightweight directory access protocol query injection attack classification; login bypassing; privilege escalation; security breach; structured query language injection attacks; DVD; Decision support systems; LDAP injection; SQL injection; mitigation technique;
Conference_Title :
Collaboration Technologies and Systems (CTS), 2015 International Conference on
Conference_Location :
Atlanta, GA
Print_ISBN :
978-1-4673-7647-1
DOI :
10.1109/CTS.2015.7210446