Difference between revisions of "AppSensor DetectionPoint CIE3"

From OWASP
Jump to: navigation, search
(Created page with 'Here is some sample code that can be used to detect CIE3. <pre> String myInputParameter = ...; //the execution of this line will create an exception if an attack is found boo…')
 
m
 
Line 1: Line 1:
Here is some sample code that can be used to detect CIE3.  
+
Here is some sample code that can be used to detect CIE3. If you know that a null byte is never acceptable in your app, you could put this in a filter, and call it for all incoming data (request headers, cookie data, request parameters, etc)
  
 
<pre>
 
<pre>

Latest revision as of 14:15, 4 June 2010

Here is some sample code that can be used to detect CIE3. If you know that a null byte is never acceptable in your app, you could put this in a filter, and call it for all incoming data (request headers, cookie data, request parameters, etc)

String myInputParameter = ...;

//the execution of this line will create an exception if an attack is found 
boolean isParamSafe = AttackDetectorUtils.verifyNullByteDoesNotExist(myInputParameter); 
if (! isParamSafe) {
    notify user ... ???
}