WebApp Sec mailing list archives
RE: J2EE Application Security Code Review
From: "Prashant Shirangare" <shiranpr () mahindrabt com>
Date: Fri, 28 Oct 2005 17:21:48 +0530
Hi Yousef,

U can download findbug tool from below mentioned URL :
http://sourceforge.net/project/showfiles.php?group_id=96405

And more information about this tool is available on following URL :
http://findbugs.sourceforge.net/

Sample output of findbug is available on following URL:
http://findbugs.sourceforge.net/commons-modeler.html

Above tools will help u in detecting security issues in Java code ...

Regards
Prashant

-----Original Message-----
From: Yousef Syed [mailto:yousef.syed () gmail com]
Sent: Friday, October 28, 2005 3:33 PM
To: Web Application Security
Subject: J2EE Application Security Code Review

Hi,

I've been tasked with performing a Code Review for Security on a J2EE Application's code. Though I've taken part in numerous Code Reviews, I've never done one searching for Security issues.

Can someone please advise me on what I should be looking for?
Where can I get further information on the procedure that should be followed?
Are there any Standards/Best Practices for Securing J2EE applications?

Thanx,
ys
--
Yousef Syed