WebApp Sec mailing list archives

Google code search

From: Stephen de Vries <stephen () corsaire com>
Date: Thu, 5 Oct 2006 13:08:09 +0700

Google's code search provides an easy way to find obvious softwareflaws in open source and example applications, e.g.:


XSS in Java apps

http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter&btnG=Search


(Really obvious) SQL Injection in Java apps:

http://www.google.com/codesearch?hl=en&lr=&q=executeQuery.*getParameter&btnG=Search


Ever wonder why we're still seeing XSS in 2006?:

http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter+package%3A%28oreilly%7Capress.com%29&btnG=Search



--
Stephen de Vries
Corsaire Ltd
E-mail: stephen () corsaire com
Tel:    +44 1483 226014
Fax:    +44 1483 226068
Web:    http://www.corsaire.com





-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire has new programs available for pen testers and consultants touse AppScan in client engagements. AppScan is the leading Web applicationassessment tool. Want to see it for yourself? Take a look today!


https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz
--------------------------------------------------------------------------

Current thread:

Google code search Stephen de Vries (Oct 04)
- Re: Google code search Zapotek (Oct 05)
- Re: Google code search Ryan Barnett (Oct 05)
- Magic Quotes DokFLeed (Oct 09)
  - Message not available
    - Re: Magic Quotes DokFLeed (Oct 10)
  - Re: Magic Quotes Tomek Perlak (Oct 10)
    - RE: Magic Quotes Matt Fisher (Oct 11)
  - Re: Magic Quotes Steve Slater (Oct 11)
    - Re: Magic Quotes DokFLeed (Oct 15)
    - Re: Magic Quotes Brad Lhotsky (Oct 16)
    - Message not available
    - Re: Magic Quotes DokFLeed (Oct 17)

(Thread continues...)