From 0f4822e8f078323b770435aaa752f9288c8d469f Mon Sep 17 00:00:00 2001 From: Ryan Rudder <96507400+RRudder@users.noreply.github.com> Date: Thu, 27 Apr 2023 13:57:49 +1000 Subject: [PATCH 1/3] Updated recommendation.md for malformed android intents --- .../app_crash/recommendations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/submissions/description/application_level_denial_of_service_dos/app_crash/recommendations.md b/submissions/description/application_level_denial_of_service_dos/app_crash/recommendations.md index cee61611..da8e41d6 100644 --- a/submissions/description/application_level_denial_of_service_dos/app_crash/recommendations.md +++ b/submissions/description/application_level_denial_of_service_dos/app_crash/recommendations.md @@ -1,6 +1,6 @@ # Recommendation(s) -It is recommended to perform input validation to limit the total request size, and file upload and extension sizes. and, It’s also important to prevent any user input based function or threading interaction. These preventative measures help against application-level DoS attacks. +It is recommended to perform input validation to ensure that all inputs meet the expected format and content, while rejecting any malformed inputs. Input validation should consider limits to the total request, file upload, and extension sizes. It’s also important to implement exception handling so that the application gracefully handles errors without crashing. These preventative measures help against application-level DoS attacks. For more information, refer to the following resources: From 61b3b454fc053a1b464fa3872a5b5230dfea030c Mon Sep 17 00:00:00 2001 From: Ryan Rudder <96507400+RRudder@users.noreply.github.com> Date: Thu, 27 Apr 2023 14:11:19 +1000 Subject: [PATCH 2/3] malformed android intents recommendation fix --- .../app_crash/recommendations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/submissions/description/application_level_denial_of_service_dos/app_crash/recommendations.md b/submissions/description/application_level_denial_of_service_dos/app_crash/recommendations.md index da8e41d6..01c9b4bb 100644 --- a/submissions/description/application_level_denial_of_service_dos/app_crash/recommendations.md +++ b/submissions/description/application_level_denial_of_service_dos/app_crash/recommendations.md @@ -1,6 +1,6 @@ # Recommendation(s) -It is recommended to perform input validation to ensure that all inputs meet the expected format and content, while rejecting any malformed inputs. Input validation should consider limits to the total request, file upload, and extension sizes. It’s also important to implement exception handling so that the application gracefully handles errors without crashing. These preventative measures help against application-level DoS attacks. +It is recommended to perform input validation to ensure that all inputs, including the Intents sent to your application, meet the expected format and content while rejecting any malformed inputs. It’s also important to implement exception handling so that the application gracefully handles errors without crashing. For more information, refer to the following resources: From a03db2508a0c96e801cbe83c7278860168ce2c48 Mon Sep 17 00:00:00 2001 From: RRudder <96507400+RRudder@users.noreply.github.com> Date: Wed, 19 Jun 2024 09:41:16 +1000 Subject: [PATCH 3/3] Revert recommendation change --- .../app_crash/recommendations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/submissions/description/application_level_denial_of_service_dos/app_crash/recommendations.md b/submissions/description/application_level_denial_of_service_dos/app_crash/recommendations.md index 01c9b4bb..da8e41d6 100644 --- a/submissions/description/application_level_denial_of_service_dos/app_crash/recommendations.md 
+++ b/submissions/description/application_level_denial_of_service_dos/app_crash/recommendations.md @@ -1,6 +1,6 @@ # Recommendation(s) -It is recommended to perform input validation to ensure that all inputs, including the Intents sent to your application, meet the expected format and content while rejecting any malformed inputs. It’s also important to implement exception handling so that the application gracefully handles errors without crashing. +It is recommended to perform input validation to ensure that all inputs meet the expected format and content, while rejecting any malformed inputs. Input validation should consider limits to the total request, file upload, and extension sizes. It’s also important to implement exception handling so that the application gracefully handles errors without crashing. These preventative measures help against application-level DoS attacks. For more information, refer to the following resources:
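Review bot: In PATCH 1/3, the added sentence "Input validation should consider limits to the total request, file upload, and extension sizes" carries over the unclear "extension sizes" from the line it replaces. A reader cannot tell whether this means a size limit or a restriction on file extensions, so state each limit separately. The hunk also drops the old clause about "user input based function or threading interaction" without a word in the commit message, and the subject says the change is for malformed Android intents while the added line never mentions Intents. Either add the Intent guidance here or reword the subject, and note the removal in the message.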
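Review bot: In PATCH 2/3, the added phrase "including the Intents sent to your application" puts Android-specific wording into the shared app_crash/recommendations.md, which is also used for crashes that have nothing to do with Intents. The same hunk deletes the size-limit sentence and the closing "These preventative measures help against application-level DoS attacks", so request and upload limits lose their recommendation. Suggest keeping the size-limit sentence and phrasing the Intent case as one example among the inputs to validate, or moving the Intent-specific text to a template that only applies to that case.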
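Review bot: PATCH 3/3 restores blob da8e41d6, the same content PATCH 1/3 produced, so the series nets out to PATCH 1/3 alone and the Intent validation wording added in 2/3 is gone from the final file. The message "Revert recommendation change" gives no reason for withdrawing it. Suggest squashing 2/3 and 3/3 out of the series, or stating in the revert message why the Intent guidance was dropped and where it should live instead.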