Lightweight Directory Access Protocol (LDAP) is commonly used in web applications to provide lookup information and enforcing authentication. Web applications may suffer from LDAP injection vulnerabilities that can lead to security breaches such as login bypass and privilege escalation. This paper1 proposes OCL fault injection-based detection of LDAP injection attacks. The authors extract design-level information and constraints expressed in OCL and then randomly alter them to generate test cases that have the capability to uncover LDAP injection vulnerabilities. The authors proposed approaches to implement test case generation, and they used one open source PHP application and one custom application to evaluate the proposed approach. The analysis shows that this approach can detect LDAP injection vulnerabilities.
