AppSpider Security issue

rahul_gupta

08-03-2016

Hi

This is regarding a security issue that we are getting while running AppSpider (security app). Please help me with the same.

On security run we are getting

buffer overflow issue

Wondering from code point of view where we are sending this value.

And also for parameter fuzzing issue

Parameter Fuzzing

Accepted Solutions (0)

Answers (3)

kautuk_sahni

Community Manager

10-03-2016

Hi

I am moving this question to the AEM Forums (the forum where you have posted the question is for DTM).

AppSpider is a third-party security testing web application. I guess the string "aaaa..." is one of the pre-built test cases which this application is applying to your custom component, and your component is not able to handle it (exception handling missing). I would request you to refer to the documentation of this application to better understand the error message, or you may contact their support for it.

If my understanding of this question is wrong, please correct me.

Thanks and Regards

Kautuk Sahni

rahul_gupta

10-03-2016

Sure Kautuk, and thanks for replying to me.

I am new to AEM development.

I developed some of the components and checked in the working files.

Now the security guy ran a web application security testing app in order to check for vulnerabilities, if any, in the code.

When we build the application, we get the AppSpider security report in the below format. I am attaching the images for your reference.

What I am not getting here is, I did not get any value with formstart and the "aaaaaaaaaaa" value. As I have discussed with others too, this formstart value is generated by AEM automatically.

kautuk_sahni

Community Manager

09-03-2016

Hi

Could you please specify which product is encountering this problem? How is it encountering it?

Please explain the problem a bit more to properly understand the context.

Thanks and Regards

Kautuk Sahni