
Difference between revisions of "LDAP Injection Prevention Cheat Sheet"

From OWASP
(Related Articles)
m (Point to the official site)
 
(26 intermediate revisions by 2 users not shown)
 
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!
= Introduction  =
 
__TOC__{{TOC hidden}}
 
  
This article is focused on providing clear, simple, actionable guidance for preventing LDAP Injection flaws in your applications. [[LDAP Injection]] attacks are somewhat common, and this is due to two factors:

# the lack of safer, parameterized LDAP query interfaces, and
# the widespread use of LDAP to authenticate users to systems.

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html LDAP Injection Prevention Cheat Sheet] to see the latest version of the cheat sheet.
 
 
 
TBA

Primary Defenses:
* TBA

Additional Defenses:
* TBA
 
 
 
=Primary Defenses=

==Defense Option 1: TBA==

TBA

;Safe Java TBA Example

TBA

;Safe C# .NET TBA Example

TBA

==Defense Option 2: TBA==

TBA

;Safe Java TBA Example

TBA

;Safe C# .NET TBA Example

TBA

==Defense Option 3: Escaping All User Supplied Input==

TBA
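The following is an added example, not code from the original cheat sheet, showing what "escaping all user supplied input" means in practice: filter-value escaping per RFC 4515, DN-value escaping per RFC 4514, and a structural check that escaped input cannot open or close filter groups. The attribute names and the filter shape are assumed for illustration.

```python
# Added example, not code from the original OWASP page: escaping untrusted
# input for LDAP search filters (RFC 4515) and DN components (RFC 4514).
# Attribute names and the filter shape below are assumed for illustration.

# RFC 4515: these characters must appear in a filter assertion value as a
# backslash plus two hex digits. A per-character table avoids the
# double-escaping bug that sequential str.replace() calls can introduce.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search-filter assertion."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use in an RFC 4514 DN component."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append(r"\00")
        elif ch in ',+"\\<>;':
            out.append("\\" + ch)  # special characters, anywhere in the value
        elif ch == "#" and i == 0:
            out.append(r"\#")  # '#' only needs escaping at the start
        elif ch == " " and i in (0, len(value) - 1):
            out.append(r"\ ")  # leading or trailing space
        else:
            out.append(ch)
    return "".join(out)

def user_lookup_filter(username: str) -> str:
    """Filter an authentication step would use; the username is always escaped."""
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"

def count_unescaped(text: str, ch: str) -> int:
    """Count ch not preceded by a backslash: confirms input cannot open or close groups."""
    n, i = 0, 0
    while i < len(text):
        if text[i] == "\\":
            i += 2  # skip the backslash and the character it escapes
            continue
        if text[i] == ch:
            n += 1
        i += 1
    return n

if __name__ == "__main__":
    f = user_lookup_filter("j.doe*)(\\\x00")  # constructed input with every metacharacter
    print(f, count_unescaped(f, "("), count_unescaped(f, ")"))
```

Whatever the input, the built filter always has exactly three unescaped opening and closing parentheses, which is the property the escaping defense is meant to guarantee.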
 
 
 
= Additional Defenses =

Beyond adopting one of the three primary defenses, we also recommend adopting all of these additional defenses in order to provide defense in depth. These additional defenses are:

* '''Least Privilege'''
* '''White List Input Validation'''
 
 
 
== Least Privilege ==

To minimize the potential damage of a successful LDAP injection attack, you should minimize the privileges assigned to the LDAP binding account in your environment.

TBA
 
 
 
== White List Input Validation ==

Input validation can be used to detect unauthorized input before it is passed to the LDAP query. For more information please see the [[Input Validation Cheat Sheet]].
 
 
 
=Related Articles=

'''Description of LDAP Injection Vulnerabilities'''

* OWASP article on [[LDAP Injection]] Vulnerabilities

'''How to Avoid LDAP Injection Vulnerabilities'''

* [[:Category:OWASP Guide Project|OWASP Developers Guide]] article on how to [[Guide to LDAP Injection | Avoid LDAP Injection]] Vulnerabilities
* OWASP article on [[Preventing LDAP Injection in Java]]

'''How to Review Code for LDAP Injection Vulnerabilities'''

* [[:Category:OWASP Code Review Project|OWASP Code Review Guide]] article on how to [[Reviewing Code for LDAP Injection|Review Code for LDAP Injection]] Vulnerabilities

'''How to Test for LDAP Injection Vulnerabilities'''

* [[:Category:OWASP Testing Project|OWASP Testing Guide]] article on how to [[Testing for LDAP Injection (OTG-INPVAL-006)|Test for LDAP Injection]] Vulnerabilities
 
 
 
= Authors and Primary Editors =

Jim Manico - jim[at]owasp.org<br/>

== Other Cheatsheets ==

{{Cheatsheet_Navigation_Body}}

[[Category:Cheatsheets]]
[[Category:Popular]]
 

Latest revision as of 14:16, 15 July 2019


The Cheat Sheet Series project has been moved to GitHub!

Please visit LDAP Injection Prevention Cheat Sheet to see the latest version of the cheat sheet.