AppSensor DetectionPoint CIE4

Here is some sample code that can be used to detect CIE4. If you know that a CR/LF is never acceptable in your app, you could put this in a filter, and call it for all incoming data (request headers, cookie data, request parameters, etc)

String myInputParameter = ...;

//the execution of this line will create an exception if an attack is found boolean isParamSafe = AttackDetectorUtils.verifyCarriageReturnOrLineFeedDoesNotExist(myInputParameter); if (! isParamSafe) { notify user ... ??? }