Difference between revisions of "AppSensor DetectionPoint RE3"

From OWASP
Jump to: navigation, search
(Sample code for testing for GET when expecting POST attack)
 
(updated method name)
Line 4: Line 4:
  
 
//the execution of this line will throw an exception if an attack is found  
 
//the execution of this line will throw an exception if an attack is found  
boolean isAttack = AttackDetectorUtils.verifyRequestMethod(myServletRequest, AttackDetectorUtils.POST);  
+
boolean isValid = AttackDetectorUtils.verifyValidRequestMethod(myServletRequest, AttackDetectorUtils.POST);  
if (isAttack) {
+
if (! isValid) {
 
     notify user ... ???
 
     notify user ... ???
 
}
 
}
 
</pre>
 
</pre>

Revision as of 09:25, 1 June 2010

Here is some sample code that can be used to detect RE3.


//the execution of this line will throw an exception if an attack is found 
boolean isValid = AttackDetectorUtils.verifyValidRequestMethod(myServletRequest, AttackDetectorUtils.POST); 
if (! isValid) {
    notify user ... ???
}