Often unauthorized access to web resources is gained by users who submit an HTTP request that includes one or more malicious elements that will perform unauthorized operations when they are acted upon by the server. These unauthorized operations may retrieve protected data or tie up resources so that authorized requests may not be served. One of many techniques for gaining unauthorized access to web resources by way of an HTTP request is to embed a null byte in the HTTP request. While the null byte may have no effect in the initial stages of request processing, when the HTTP request string is acted upon by high level code in the web application, such as C or C++, the null byte may be interpreted as a string terminator. This causes unusual and unpredictable behavior, which may result in protected data being returned to the user who issued the malicious request.