Forum

Query related to LDAP Injection test

We have web application. Testing team is performing security testing using third party tool and performs few LDAP attacks. As per that tool our web application is vulnerable for the LDAP Injection. Fact is that our web application do not interacts with LDAP server for any informaiton. 

Will it be good idea to perform the LDAP attacks even though there is no LDAP server interaction in webapp? 

You need to be a member of OWASP to add comments!

Join OWASP

Email me when people reply –