From 410ad3390fb88fb682fdcd41fcde99511159cda9 Mon Sep 17 00:00:00 2001 From: Arman <65326024+tess-ss@users.noreply.github.com> Date: Mon, 12 Sep 2022 11:33:19 -0400 Subject: [PATCH] Create recommendations.md --- .../ldap_injection/recommendations.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 submissions/description/server_side_injection/ldap_injection/recommendations.md diff --git a/submissions/description/server_side_injection/ldap_injection/recommendations.md b/submissions/description/server_side_injection/ldap_injection/recommendations.md new file mode 100644 index 00000000..4c75abb9 --- /dev/null +++ b/submissions/description/server_side_injection/ldap_injection/recommendations.md @@ -0,0 +1,15 @@ +# Recommendation(s) + +Just like other injection attack vulnerabilities, the primary defense against LDAP injection is proper input validation. Unfortunately, there are no prepared statements interfaces for LDAP like those used in SQL. Therefore, the most effective solution is a strong validation of untrusted input. If you can properly encode and sanitize all input in the application layer, then you can significantly minimize the possibilities of these threats. + +Here are some other secure coding practices that can help you avoid LDAP injections: + +* Whitelist input validation +* Escaping all variables using the right encoding functions +* Indexing of fields containing sensitive information such as user passwords +* Output regulation +* Performing dynamic checks +* Static source code analysis + + +Other than the above practices, it is important to ensure your LDAP environment is safely configured. As a norm, always safeguard sensitive information in the LDAP directory. Configuring user permissions safely is especially important for directories used for logging purposes on mobile and web applications.
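Review bot: The bullet list in this hunk mixes concrete controls with items that are vague or not injection defenses at all, so a reader cannot act on it as written. "Indexing of fields containing sensitive information such as user passwords" does not reduce injection risk (indexing is a directory performance setting and the password attribute should be a hashed, non-searchable value regardless), and "Output regulation" and "Performing dynamic checks" are never explained; suggest dropping or rewording those three. The escaping bullet would be far more useful if it named the two encoding contexts, because each has its own rules: values inserted into a search filter must be escaped per RFC 4515 (`*`, `(`, `)`, `\` and NUL become `\2a`, `\28`, `\29`, `\5c`, `\00`), while values inserted into a DN must be escaped per RFC 4514, and using the wrong one leaves the injection open. The opening claim that "there are no prepared statements interfaces for LDAP" is also too strong: several client libraries offer parameterised filter construction (for example JNDI's `search(name, filterExpr, filterArgs, controls)`, which escapes the substituted arguments), so the text should recommend those where available and fall back to manual escaping only otherwise. Finally, the last paragraph's "configuring user permissions safely" could state the specific control: bind with a least-privilege service account so that even a successful injection cannot read or modify attributes outside the query's intended scope.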