How to Detect JID Attacks in Go

Do you use JSON in your web applications? If so, you’re at risk of a JSON Insecure Deserialization (JID) attack. These attacks exploit vulnerabilities within an application by injecting malicious serialized objects, which the application then deserializes, exposing the information contained in your system. In this tutorial, we will demonstrate how you can use an API in Go to detect JID attacks and protect your applications.

Start by placing the user-facing text input in the request payload (the "<string>" placeholder) and your API key in the Apikey header of the following code:

package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
)

func main() {
	// API endpoint URL; left blank in the original, set it before running.
	url := ""
	method := "POST"

	// The user-facing text input to scan, sent as a JSON string.
	payload := strings.NewReader(`"<string>"`)

	client := &http.Client{}
	req, err := http.NewRequest(method, url, payload)
	if err != nil {
		fmt.Println(err)
		return
	}
	req.Header.Add("Content-Type", "application/json")
	req.Header.Add("Apikey", "YOUR-API-KEY-HERE")

	res, err := client.Do(req)
	if err != nil {
		fmt.Println(err)
		return
	}
	defer res.Body.Close()

	// Read and print the API's detection result.
	body, err := io.ReadAll(res.Body)
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Println(string(body))
}

And just like that, we’re done!
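As a local complement to the API call, here is an added example (not from the original article and not Cloudmersive's code) that walks untrusted JSON and reports every type-hint property, the keys some JSON libraries use to decide which class to instantiate during deserialization. The names FindTypeHints and walk and the key list are assumptions made for this sketch; the sample input is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"sort"
	"strings"
)

// Assumed key list: "$type" (Json.NET), "@type" (fastjson), "@class" (Jackson).
var typeHintKeys = map[string]bool{"$type": true, "@type": true, "@class": true}

// FindTypeHints returns the sorted JSON paths of all type-hint keys in raw.
func FindTypeHints(raw string) ([]string, error) {
	dec := json.NewDecoder(strings.NewReader(raw))
	var doc any
	if err := dec.Decode(&doc); err != nil {
		return nil, err // malformed JSON is rejected, not scanned
	}
	if _, err := dec.Token(); err != io.EOF {
		return nil, fmt.Errorf("unexpected data after JSON value")
	}
	var hits []string
	walk(doc, "$", &hits)
	sort.Strings(hits) // map iteration order is random; sort for stable output
	return hits, nil
}

// walk descends through objects and arrays, recording the path of each hit.
func walk(v any, path string, hits *[]string) {
	switch t := v.(type) {
	case map[string]any:
		for k, child := range t {
			p := path + "." + k
			if typeHintKeys[k] {
				*hits = append(*hits, p)
			}
			walk(child, p, hits)
		}
	case []any:
		for i, child := range t {
			walk(child, fmt.Sprintf("%s[%d]", path, i), hits)
		}
	}
}

func main() {
	// Constructed sample; the type name is a placeholder, not a real class.
	fmt.Println(FindTypeHints(`{"user":"alice","prefs":[{"$type":"Example.Placeholder, ExampleAssembly","v":1}]}`))
}
```

A non-empty result means the input asks a deserializer to pick a type, so reject or quarantine it before it reaches any service that honors such hints.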

Cloudmersive

There’s an API for that. Cloudmersive is a leader in Highly Scalable Cloud APIs.