Penetration Testing mailing list archives
Java Code Review Template
From: Jian Hui Wang <jhwang () gosecure ca>
Date: 4 Mar 2005 02:39:31 -0000
Hi, all,

Do you have any ideas about the Java code review for security issues?

1) What to review? The first things on my mind are input validation and error message handling. But except for that, anything I could pay attention to? OWASP top ten? Any special issues for Java?

2) How to review? I also tried to follow OWASP test framework Part I, but it seems not so workable since the time is limited. I know the automated tools like PMD, Checkstyle can do some job, but they seem more for pretty programming. Any tools do you recommend?

3) How much time? For the time, how many lines that you can review for a day?

Any answer about these questions will be highly appreciated.

Jian Hui Wang, M.Sc, CSE, CCSE, CCNA
Security Analyst
Gosecure Inc.

Visit our SecInfo portal for the latest security news: http://www.gosecure.ca/SecInfo/index.html