How to Identify User-Facing Text Input Threats using a Free API in Node.js

Cloudmersive
2 min read · Jan 2, 2024

A variety of different cyber-attacks use text-based inputs to exploit vulnerabilities in our applications. We can’t prevent those threats (or collect crucial information about them) if we can’t detect them in the first place.

Thankfully, using the code below, we can take advantage of an API designed to identify a variety of common text-input threats, including Cross-Site Scripting (XSS), SQL Injection, XML External Entities (XXE), JSON Insecure Deserialization and Server-Side Request Forgery (SSRF). Each threat type has its own Boolean in the API response body, which confirms whether that threat was detected, and we’ll also receive Booleans identifying whether the text input was XML, JSON, or a URL string.

// Example JSON response body
{
  "Successful": true,
  "CleanResult": true,
  "ContainedJsonInsecureDeserializationAttack": true,
  "ContainedXssThreat": true,
  "ContainedXxeThreat": true,
  "ContainedSqlInjectionThreat": true,
  "ContainedSsrfThreat": true,
  "IsXML": true,
  "IsJSON": true,
  "IsURL": true,
  "OriginalInput": "string"
}

We can easily structure our API call in a few quick steps, but first we’ll need to retrieve a free-tier API key. Free-tier keys allow a limit of 800 API calls per month with zero commitment.

With our API key ready, we can first install the SDK. Let’s either run this command:

npm install cloudmersive-security-api-client --save

Or let’s add this snippet to our package.json instead:

"dependencies": {
  "cloudmersive-security-api-client": "^1.2.0"
}

Finally, let’s copy the below ready-to-run code into our file and configure our request parameters:

var CloudmersiveSecurityApiClient = require('cloudmersive-security-api-client');
var defaultClient = CloudmersiveSecurityApiClient.ApiClient.instance;

// Configure API key authorization: Apikey
var Apikey = defaultClient.authentications['Apikey'];
Apikey.apiKey = 'YOUR API KEY';

var apiInstance = new CloudmersiveSecurityApiClient.ContentThreatDetectionApi();

var value = "value_example"; // String | User-facing text input.

// The callback receives either an error or the parsed response body
var callback = function(error, data, response) {
  if (error) {
    console.error(error);
  } else {
    // Serialize the response object; plain string concatenation would print "[object Object]"
    console.log('API called successfully. Returned data: ' + JSON.stringify(data));
  }
};
apiInstance.contentThreatDetectionAutomaticThreatDetectionString(value, callback);

Now we can easily incorporate a layer of security redundancy for the user-facing text inputs in our web applications.
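
An added example (not from the original post or the Cloudmersive SDK): one way to turn the response fields shown above into an allow/block decision that fails closed when the scan errors. The helper names `evaluateThreatResponse`, `screenInput` and `makeStubApi` are hypothetical, the stub stands in for the real client so the code runs offline, and it assumes `Successful` reports whether the scan ran and `CleanResult` is the overall verdict.

```javascript
// Threat flags named in the example response body above, mapped to short labels.
const THREAT_FLAGS = {
  ContainedXssThreat: 'xss',
  ContainedSqlInjectionThreat: 'sqli',
  ContainedXxeThreat: 'xxe',
  ContainedJsonInsecureDeserializationAttack: 'json-deserialization',
  ContainedSsrfThreat: 'ssrf',
};

// Hypothetical helper: turn a response body into an allow/block decision.
// Fails closed: a missing body or Successful !== true means "block".
function evaluateThreatResponse(data) {
  if (!data || data.Successful !== true) {
    return { allow: false, reason: 'scan-failed', threats: [] };
  }
  const threats = Object.keys(THREAT_FLAGS)
    .filter((flag) => data[flag] === true)
    .map((flag) => THREAT_FLAGS[flag]);
  // Any individual flag overrides CleanResult if the two disagree.
  const allow = threats.length === 0 && data.CleanResult === true;
  const reason = threats.length ? 'threat-detected' : (allow ? 'clean' : 'not-clean');
  return { allow, reason, threats };
}

// Hypothetical promise wrapper around the SDK's callback-style call. `api` is any
// object exposing contentThreatDetectionAutomaticThreatDetectionString(value, cb).
function screenInput(api, value) {
  return new Promise((resolve) => {
    api.contentThreatDetectionAutomaticThreatDetectionString(value, (error, data) => {
      // An API or network error is a failed scan, never an implicit "clean".
      resolve(evaluateThreatResponse(error ? null : data));
    });
  });
}

// Constructed stand-in for the API client; returns a canned error or body.
function makeStubApi(error, body) {
  return {
    contentThreatDetectionAutomaticThreatDetectionString(value, cb) {
      cb(error, error ? undefined : Object.assign({ OriginalInput: value }, body));
    },
  };
}

// Demo with a constructed response that flags XSS.
const flagged = makeStubApi(null, { Successful: true, CleanResult: false, ContainedXssThreat: true });
screenInput(flagged, 'constructed sample input').then((d) => console.log(d));
```

With the real SDK, pass the `apiInstance` created above as the `api` argument.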
