3 Replies Latest reply on Mar 10, 2016 2:44 AM by rahul_gupta

    AppSpider Security issue



      This is regarding a security issue we are getting while running AppSpider (a security app). Please help me with the same.

      On the security run we are getting a:

      buffer overflow issue

      Wondering, from the code point of view, where we are sending this value.

      And also for the parameter fuzzing issue:

      Parameter Fuzzing


        • 1. Re: AppSpider Security issue
          kautuksahni Adobe Employee



          Could you please specify which product is encountering this problem? How is it encountering it?

          Please explain the problem a bit more so we can properly understand the context.


          Thanks and Regards

          Kautuk Sahni

          • 2. Re: AppSpider Security issue
            rahul_gupta Level 1

            Sure Kautuk, and thanks for replying to me.

            I am new to AEM development.

            I developed some of the components and checked in the working files.

            Now the security guy ran a Web Application Security Testing app in order to check for vulnerabilities, if any, in the code.

            When we build the application we get the AppSpider security report in the below format. I am attaching the images for your reference.

            What I am not getting here is, I did not get any value with formstart and the "aaaaaaaaaaa" value. As I have discussed with others too, this formstart value is generated by AEM automatically.

            • 3. Re: AppSpider Security issue
              kautuksahni Adobe Employee


              I am moving this question to the AEM Forums (the current forum where you have posted the question is for DTM).

              AppSpider is a 3rd party security testing web application. I guess the string "aaaa..." is one of the pre-built test cases which this application is applying to your custom component, and your component is not able to handle it (exception handling missing). I would request you to refer to the documentation of this application to better understand the error message, or you may contact their support for it.

              If my understanding of this question is wrong, please correct me.

              Thanks and Regards

              Kautuk Sahni
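As an added illustration (not code from this thread, from AEM or from AppSpider), the following Sling servlet shows how a custom component can treat a fuzzed request parameter such as the long "aaaa..." string as bad input instead of letting it raise an unhandled exception; the package name, resource type, the 256-character limit and the printable-ASCII rule are assumptions for the example.

```java
package com.example.fuzzsafe; // hypothetical package

import java.io.IOException;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.osgi.service.component.annotations.Component;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(service = Servlet.class, property = {
    "sling.servlet.resourceTypes=example/components/fuzzsafe", // hypothetical resource type
    "sling.servlet.methods=GET"
})
public class FuzzSafeServlet extends SlingSafeMethodsServlet {

    private static final Logger LOG = LoggerFactory.getLogger(FuzzSafeServlet.class);
    private static final int MAX_PARAM_LENGTH = 256; // assumed upper bound for this parameter

    // Accept only a non-empty, bounded, printable-ASCII value (assumed rule for the example).
    static boolean isAcceptable(String value) {
        if (value == null || value.isEmpty() || value.length() > MAX_PARAM_LENGTH) {
            return false;
        }
        for (char c : value.toCharArray()) {
            if (c < 0x20 || c > 0x7E) {
                return false;
            }
        }
        return true;
    }

    @Override
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws ServletException, IOException {
        String formStart = request.getParameter("formstart");
        if (!isAcceptable(formStart)) {
            // A fuzzed or oversized value gets a 400, not a stack trace in the response.
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid formstart parameter");
            return;
        }
        try {
            response.setContentType("text/plain");
            response.getWriter().write("formstart accepted, length=" + formStart.length());
        } catch (RuntimeException e) {
            // Log details server-side; return a generic error so the scanner sees no internals.
            LOG.error("Unexpected failure handling formstart", e);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    }
}
```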