AttackFlow Findings Dictionary


Null Reference Exception

Null reference exceptions in a production environment always frustrate customers and come back to developers as bug tickets.

Severity: Medium

Fix Cost: Low

Trust Level: High

Null reference exceptions occur when code tries to dereference a reference that is null. In simpler terms, they happen when an operation is performed on a null value at runtime.

                            
// No null check on fullName: passing null throws NullReferenceException.
private string ToUpper(string fullName)
{
    return fullName.ToUpperInvariant();
}

                 
            

The ToUpper method above doesn't check the passed parameter fullName against null, so it can throw a NullReferenceException at runtime.

While this scenario is easy to understand and mitigate, NullReferenceExceptions can be thrown in many other scenarios. For example:


return Person.Accounts[i].Transfers[k].DestinationAccount;

		

The above code dereferences several properties in a chain, and each of them can throw a NullReferenceException.
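One way to harden both snippets, shown as an added example that is not part of the original dictionary entry. The Person, Account and Transfer types, the use of List for the indexed collections, and the TryGetDestinationAccount helper are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical types inferred from the property chain on this page.
public sealed class Transfer { public string DestinationAccount { get; set; } }
public sealed class Account { public List<Transfer> Transfers { get; set; } }
public sealed class Person { public List<Account> Accounts { get; set; } }

public static class NullSafeExamples
{
    // Guard clause: reject null at the method boundary with an exception
    // that names the offending parameter.
    public static string ToUpper(string fullName)
    {
        if (fullName == null)
            throw new ArgumentNullException(nameof(fullName));
        return fullName.ToUpperInvariant();
    }

    // Try-pattern for the chained access: every link is checked, so a missing
    // object anywhere in the chain yields false instead of an exception.
    // Index bounds are checked too, since they fail at the same call site.
    public static bool TryGetDestinationAccount(Person person, int i, int k, out string destination)
    {
        destination = null;
        var accounts = person?.Accounts;
        if (accounts == null || i < 0 || i >= accounts.Count) return false;
        var transfers = accounts[i]?.Transfers;
        if (transfers == null || k < 0 || k >= transfers.Count) return false;
        destination = transfers[k]?.DestinationAccount;
        return destination != null;
    }

    public static void Main()
    {
        // Constructed sample data: the second account has no Transfers list.
        var person = new Person
        {
            Accounts = new List<Account>
            {
                new Account { Transfers = new List<Transfer> { new Transfer { DestinationAccount = "ACC-001" } } },
                new Account { Transfers = null }
            }
        };
        Console.WriteLine(TryGetDestinationAccount(person, 0, 0, out var a) ? a : "(missing)");
        Console.WriteLine(TryGetDestinationAccount(person, 1, 0, out var b) ? b : "(missing)");
        Console.WriteLine(TryGetDestinationAccount(null, 0, 0, out var c) ? c : "(missing)");
    }
}
```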
