This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
AppSensor DetectionPoint CIE3
From OWASP
Revision as of 19:15, 4 June 2010 by John Melton (talk | contribs)
Here is some sample code that can be used to detect CIE3. If you know that a null byte is never acceptable in your app, you could put this in a filter, and call it for all incoming data (request headers, cookie data, request parameters, etc)
String myInputParameter = ...; //the execution of this line will create an exception if an attack is found boolean isParamSafe = AttackDetectorUtils.verifyNullByteDoesNotExist(myInputParameter); if (! isParamSafe) { notify user ... ??? }