WebApp Sec mailing list archives
Google code search
From: Stephen de Vries <stephen () corsaire com>
Date: Thu, 5 Oct 2006 13:08:09 +0700
Google's code search provides an easy way to find obvious software flaws in open source and example applications, e.g.:
XSS in Java appshttp://www.google.com/codesearch?hl=en&lr=&q=%3C%25% 3D.*getParameter&btnG=Search
(Really obvious) SQL Injection in Java apps:http://www.google.com/codesearch? hl=en&lr=&q=executeQuery.*getParameter&btnG=Search
Ever wonder why we're still seeing XSS in 2006?:http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter +package%3A%28oreilly%7Capress.com%29&btnG=Search
-- Stephen de Vries Corsaire Ltd E-mail: stephen () corsaire com Tel: +44 1483 226014 Fax: +44 1483 226068 Web: http://www.corsaire.com ------------------------------------------------------------------------- Sponsored by: WatchfireWatchfire has new programs available for pen testers and consultants to use AppScan in client engagements. AppScan is the leading Web application assessment tool. Want to see it for yourself? Take a look today!
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz --------------------------------------------------------------------------
Current thread:
- Google code search Stephen de Vries (Oct 04)
- Re: Google code search Zapotek (Oct 05)
- Re: Google code search Ryan Barnett (Oct 05)
- Magic Quotes DokFLeed (Oct 09)
- Message not available
- Re: Magic Quotes DokFLeed (Oct 10)
- Message not available
- Re: Magic Quotes Tomek Perlak (Oct 10)
- RE: Magic Quotes Matt Fisher (Oct 11)
- Re: Magic Quotes Steve Slater (Oct 11)
- Re: Magic Quotes DokFLeed (Oct 15)
- Re: Magic Quotes Brad Lhotsky (Oct 16)
- Message not available
- Re: Magic Quotes DokFLeed (Oct 17)