
Difference between revisions of "AppSensor DetectionPoint RE4"

(Sample code for testing for POST when expecting GET attack)
 
(updated method name)
Line 1: Line 1:
Here is some sample code that can be used to detect RE4.  
+
Here is some sample code that can be used to detect RE3.  
  
 
<pre>
 
<pre>
  
 
//the execution of this line will throw an exception if an attack is found  
 
//the execution of this line will throw an exception if an attack is found  
boolean isAttack = AttackDetectorUtils.verifyRequestMethod(myServletRequest, AttackDetectorUtils.GET);  
+
boolean isValid = AttackDetectorUtils.verifyValidRequestMethod(myServletRequest, AttackDetectorUtils.GET);  
if (isAttack) {
+
if (! isValid) {
 
     notify user ...&nbsp;???
 
     notify user ...&nbsp;???
 
}
 
}
 
</pre>
 
</pre>
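
Review bot: The intro sentence changes from "detect RE4" to "detect RE3", but this page is AppSensor DetectionPoint RE4 and the edit summary only mentions an updated method name, so the detection point ID change looks unintended; suggest keeping "RE4". Separately, the retained comment says the call "will throw an exception if an attack is found", while the new code branches on the boolean returned by verifyValidRequestMethod; the comment should say which of the two signals a caller has to handle. The body "notify user ... ???" is still a placeholder and not valid Java; turn it into a comment or replace it with the intended response.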

Revision as of 14:26, 1 June 2010

Here is some sample code that can be used to detect RE3.


<pre>
//the execution of this line will throw an exception if an attack is found
//AttackDetectorUtils.GET is the request method this resource expects
boolean isValid = AttackDetectorUtils.verifyValidRequestMethod(myServletRequest, AttackDetectorUtils.GET);
if (!isValid) {
    // notify user ... ???
}
</pre>