This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

AppSensor DetectionPoint CIE3

From OWASP
Jump to: navigation, search

Here is some sample code that can be used to detect CIE3. If you know that a null byte is never acceptable in your app, you could put this in a filter, and call it for all incoming data (request headers, cookie data, request parameters, etc) 

String myInputParameter = ...;

//the execution of this line will create an exception if an attack is found 
boolean isParamSafe = AttackDetectorUtils.verifyNullByteDoesNotExist(myInputParameter); 
if (! isParamSafe) {
    notify user ... ???
}
Retrieved from "https://wiki.owasp.org/index.php?title=AppSensor_DetectionPoint_CIE3&oldid=84491"