WebApp Sec mailing list archives

Re: J2EE Application Security Code Review

From: Eoin Keary <eoinkeary () gmail com>
Date: Fri, 28 Oct 2005 12:41:01 +0000

Hi,
check out OWASP.org
There is a review checklist in the "papers" section that should get
you some perspective.

Eoin



On 28/10/05, Yousef Syed <yousef.syed () gmail com> wrote:

Hi,
I've been tasked with performing a Code Review on for Security on a
J2EE Application's code.
Though I've taken part in numerous Code Reviews, I've never done one
searching for Security issues.

Can someone please advise me on what I should be looking for?
Where can I get further information on the procedure that should be followed?
Are there any Standards/Best Practices for Securing J2EE applications?

Thanx,
ys

--
Yousef Syed

Current thread:

J2EE Application Security Code Review Yousef Syed (Oct 28)
- Re: J2EE Application Security Code Review Eoin Keary (Oct 28)
- Re: J2EE Application Security Code Review Andrew van der Stock (Oct 28)
- Re: J2EE Application Security Code Review crazy frog crazy frog (Oct 28)
- <Possible follow-ups>
- RE: J2EE Application Security Code Review Prashant Shirangare (Oct 28)
  - Re: J2EE Application Security Code Review Dean H. Saxe (Oct 30)
- RE: J2EE Application Security Code Review Evans, Arian (Oct 28)
- RE: J2EE Application Security Code Review Jeff Robertson (Oct 28)
  - Re: J2EE Application Security Code Review Dean H. Saxe (Oct 30)
  - Message not available
    - Re: J2EE Application Security Code Review Yousef Syed (Nov 01)