This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "AppSensor DetectionPoint CIE4"
From OWASP
John Melton (talk | contribs) (Created page with 'Here is some sample code that can be used to detect CIE4. <pre> String myInputParameter = ...; //the execution of this line will create an exception if an attack is found boo…') |
John Melton (talk | contribs) m |
||
| Line 1: | Line 1: | ||
| − | Here is some sample code that can be used to detect CIE4. | + | Here is some sample code that can be used to detect CIE4. If you know that a CR/LF is never acceptable in your app, you could put this in a filter, and call it for all incoming data (request headers, cookie data, request parameters, etc) |
<pre> | <pre> | ||
Latest revision as of 19:16, 4 June 2010
Here is some sample code that can be used to detect CIE4. If you know that a CR/LF is never acceptable in your app, you could put this in a filter, and call it for all incoming data (request headers, cookie data, request parameters, etc)
String myInputParameter = ...;
//the execution of this line will create an exception if an attack is found
boolean isParamSafe = AttackDetectorUtils.verifyCarriageReturnOrLineFeedDoesNotExist(myInputParameter);
if (! isParamSafe) {
notify user ... ???
}
