AppSpider Security issue
Hi
This is regarding security issue what we are getting while running AppSpider(security app).Please help me on the same.
On security run we are getting
buffer overflow issue
Wondering from code point of view where we are sending this value.
And also for parameter fuzzing issue
Parameter Fuzzing
Hi
Could you please specify which product is encountering this problem? How it is encountering it?
Please explain the problem bit more to properly understand the context.
Thanks and Regards
Kautuk Sahni
Kautuk Sahni
Sure Kautuk, and thanks for replying me.
I am new to AEM development.
developed some of the component and checkedin the working files.
Now the security guy ran Web Application security Testing app in-order to check the vulnerability if any in the code.
The time when we build the application we get the Appspider security report in the below format. i am attaching the images for your reference.
What i am not getting here is, i did not get any value with formstart and the "aaaaaaaaaaa" value.As i have discussed with other too that this formstart value is generated by AEM automatically.
Hi
I am moving this question to AEM Forums (the current forums where you have posted the question is for DTM).
AppSpider is 3rd party Security testing web application. I guess, the string "aaaa..." is one of the pre-build test case which this application is applying to your custom component and your component is not able to handle it (Exception handling missing). I would request you to refer the documentation of this application to better understand the error message or you may contact their support for it.
If my understanding about this question is wrong please correct me in it.
Thanks and Regards
Kautuk Sahni
Kautuk Sahni
