Detect JSON Insecure Deserialization (JID) Attacks in a String with Java

A relatively new threat in the application security landscape, JID attacks are yet another insidious method hackers can use to gain control of our systems and exploit them from within. Most often, malicious data is “injected” into a JSON string on its way to deserialization, allowing arbitrary code to be run on the target server.

Our JID detection API can keep you ahead of the curve. After inputting a potentially malicious string & calling the API, you’ll receive a quick response indicating whether the string contained (true) or did not contain (false) a JID attack, along with an indication of whether or not the API call was successful (true) or not (false).

To include this API in your Java project, take advantage of code provided below from the Cloudmersive API Console page (installation with Maven):

First install the Java SDK by adding a reference to the dependency in pom.xml:

<repositories>
<repository>
<id>jitpack.io</id>
<url>https://jitpack.io</url>
</repository>
</repositories>

Next, add the below reference to the dependency in pom.xml:

<dependencies>
<dependency>
<groupId>com.github.Cloudmersive</groupId>
<artifactId>Cloudmersive.APIClient.Java</artifactId>
<version>v4.25</version>
</dependency>
</dependencies>

For the final step, copy in the below code. Start by adding imports to the top of the controller, and then call the validation function:

// Import classes:
//import com.cloudmersive.client.invoker.ApiClient;
//import com.cloudmersive.client.invoker.ApiException;
//import com.cloudmersive.client.invoker.Configuration;
//import com.cloudmersive.client.invoker.auth.*;
//import com.cloudmersive.client.ContentThreatDetectionApi;
ApiClient defaultClient = Configuration.getDefaultApiClient();// Configure API key authorization: Apikey
ApiKeyAuth Apikey = (ApiKeyAuth) defaultClient.getAuthentication("Apikey");
Apikey.setApiKey("YOUR API KEY");
// Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null)
//Apikey.setApiKeyPrefix("Token");
ContentThreatDetectionApi apiInstance = new ContentThreatDetectionApi();
String value = "value_example"; // String | User-facing text input.
try {
StringInsecureDeserializationJsonDetection result = apiInstance.contentThreatDetectionDetectInsecureDeserializationJsonString(value);
System.out.println(result);
} catch (ApiException e) {
System.err.println("Exception when calling ContentThreatDetectionApi#contentThreatDetectionDetectInsecureDeserializationJsonString");
e.printStackTrace();
}

Now you’re all set to scan. Happy JID hunting!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Cloudmersive

Cloudmersive

437 Followers

There’s an API for that. Cloudmersive is a leader in Highly Scalable Cloud APIs.