Open in app

Sign in

Write

Sign in

Detect JSON Insecure Deserialization (JID) Attacks in a String with Java

Cloudmersive
2 min readMar 31, 2022

--

A relatively new threat in the application security landscape, JID attacks are yet another insidious method hackers can use to gain control of our systems and exploit them from within. Most often, malicious data is “injected” into a JSON string on its way to deserialization, allowing arbitrary code to be run on the target server.

Our JID detection API can keep you ahead of the curve. After inputting a potentially malicious string & calling the API, you’ll receive a quick response indicating whether the string contained (true) or did not contain (false) a JID attack, along with an indication of whether or not the API call was successful (true) or not (false).

To include this API in your Java project, take advantage of code provided below from the Cloudmersive API Console page (installation with Maven):

First install the Java SDK by adding a reference to the dependency in pom.xml:

<repositories>
    <repository>
        <id>jitpack.io</id>
        <url>https://jitpack.io</url>
    </repository>
</repositories>

Next, add the below reference to the dependency in pom.xml:

<dependencies>
<dependency>
    <groupId>com.github.Cloudmersive</groupId>
    <artifactId>Cloudmersive.APIClient.Java</artifactId>
    <version>v4.25</version>
</dependency>
</dependencies>

For the final step, copy in the below code. Start by adding imports to the top of the controller, and then call the validation function:

// Import classes:
//import com.cloudmersive.client.invoker.ApiClient;
//import com.cloudmersive.client.invoker.ApiException;
//import com.cloudmersive.client.invoker.Configuration;
//import com.cloudmersive.client.invoker.auth.*;
//import com.cloudmersive.client.ContentThreatDetectionApi;ApiClient defaultClient = Configuration.getDefaultApiClient();// Configure API key authorization: Apikey
ApiKeyAuth Apikey = (ApiKeyAuth) defaultClient.getAuthentication("Apikey");
Apikey.setApiKey("YOUR API KEY");
// Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null)
//Apikey.setApiKeyPrefix("Token");ContentThreatDetectionApi apiInstance = new ContentThreatDetectionApi();
String value = "value_example"; // String | User-facing text input.
try {
    StringInsecureDeserializationJsonDetection result = apiInstance.contentThreatDetectionDetectInsecureDeserializationJsonString(value);
    System.out.println(result);
} catch (ApiException e) {
    System.err.println("Exception when calling ContentThreatDetectionApi#contentThreatDetectionDetectInsecureDeserializationJsonString");
    e.printStackTrace();
}

Now you’re all set to scan. Happy JID hunting!

Json
Java
API
Security
Cybersecurity

--

--

Cloudmersive
Cloudmersive

Written by Cloudmersive

699 Followers
11 Following

There’s an API for that. Cloudmersive is a leader in Highly Scalable Cloud APIs.

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams