WebApp Sec mailing list archives
Re: Google code search
From: "Ryan Barnett" <rcbarnett () gmail com>
Date: Thu, 5 Oct 2006 08:55:51 -0400
Thumbs Up for Google labs. Thumbs Down for poor security coding.

This looks somewhat similar to Bugle - http://www.cipher.org.uk/index.php?p=projects/bugle.project

Nice find Stephen.

--
Ryan C. Barnett
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache

On 10/5/06, Stephen de Vries <stephen () corsaire com> wrote:
> Google's code search provides an easy way to find obvious software flaws in open source and example applications, e.g.:
>
> XSS in Java apps:
> http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter&btnG=Search
>
> (Really obvious) SQL Injection in Java apps:
> http://www.google.com/codesearch?hl=en&lr=&q=executeQuery.*getParameter&btnG=Search
>
> Ever wonder why we're still seeing XSS in 2006?:
> http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter+package%3A%28oreilly%7Capress.com%29&btnG=Search
>
> --
> Stephen de Vries
> Corsaire Ltd
> E-mail: stephen () corsaire com
> Tel: +44 1483 226014
> Fax: +44 1483 226068
> Web: http://www.corsaire.com
>
> -------------------------------------------------------------------------
> Sponsored by: Watchfire
> Watchfire has new programs available for pen testers and consultants to use AppScan in client engagements. AppScan is the leading Web application assessment tool. Want to see it for yourself? Take a look today!
> https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz
> --------------------------------------------------------------------------
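The two Google Code Search queries in Stephen's post are plain regular expressions (`<%=.*getParameter` for request parameters echoed straight into a JSP expression, `executeQuery.*getParameter` for parameters concatenated into a JDBC query). The same heuristics can be run locally over your own source tree to triage before someone else finds the hits for you. The following is an added example, not code from the thread or from Google; the two sample files, the `escapeHtml` encoder heuristic and the rule names are constructed for the demonstration.

```python
"""Grep-style source triage mirroring the two code-search queries from the post."""
from __future__ import annotations

import re
from typing import NamedTuple

# Heuristics equivalent to the two Google Code Search queries in the thread:
# a request parameter written directly by a JSP expression (reflected XSS)
# and a request parameter appearing in the same line as executeQuery (SQLi).
PATTERNS = {
    "jsp-reflected-xss": re.compile(r"<%=.*getParameter"),
    "sqli-executeQuery": re.compile(r"executeQuery.*getParameter"),
}

# Lines where the parameter visibly passes through an output encoder are
# marked so reviewers can deprioritise them. This is a heuristic (assumed
# encoder names), not proof that the line is safe.
ENCODERS = re.compile(r"escapeXml|escapeHtml|encodeForHTML")


class Finding(NamedTuple):
    path: str
    line_no: int
    rule: str
    encoded: bool   # True when a known encoder appears on the same line
    text: str


def scan_source(path: str, source: str) -> list[Finding]:
    """Apply every pattern line by line; like the search engine, this is
    single-line matching, so a concatenation split across lines is missed."""
    findings: list[Finding] = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append(
                    Finding(path, line_no, rule, bool(ENCODERS.search(line)), line.strip())
                )
    return findings


# Constructed sample files (not from the thread): each contains one risky
# line and one hardened counterpart so the rules' coverage is visible.
SAMPLES = {
    "search.jsp": """<html>
<body>
Results for: <%= request.getParameter("q") %>
Safe echo: <%= org.apache.commons.lang.StringEscapeUtils.escapeHtml(request.getParameter("q")) %>
</body>
</html>
""",
    "UserDao.java": """public class UserDao {
    ResultSet find(Statement st, HttpServletRequest req) throws SQLException {
        return st.executeQuery("SELECT * FROM users WHERE name='" + req.getParameter("name") + "'");
    }
    ResultSet findSafe(Connection c, HttpServletRequest req) throws SQLException {
        PreparedStatement ps = c.prepareStatement("SELECT * FROM users WHERE name=?");
        ps.setString(1, req.getParameter("name"));
        return ps.executeQuery();
    }
}
""",
}


def scan_all(files: dict[str, str] = SAMPLES) -> list[Finding]:
    """Scan a mapping of path -> source text and return all findings in file order."""
    return [f for path, src in files.items() for f in scan_source(path, src)]


def render(findings: list[Finding]) -> str:
    """One line per finding, grep -n style, with an [encoded] tag where applicable."""
    return "\n".join(
        f"{f.path}:{f.line_no}: [{f.rule}]{' [encoded]' if f.encoded else ''} {f.text}"
        for f in findings
    )


if __name__ == "__main__":
    print(render(scan_all()))
```

Running it flags the raw `<%= request.getParameter("q") %>`, the encoded echo on the next line (tagged `[encoded]` for lower priority), and the string-concatenated `executeQuery`; the `PreparedStatement` version is not flagged because the parameter and the query never share a line, which is exactly the kind of false negative a line-oriented regex accepts in exchange for its simplicity.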
Current thread:
- Google code search Stephen de Vries (Oct 04)
- Re: Google code search Zapotek (Oct 05)
- Re: Google code search Ryan Barnett (Oct 05)
- Magic Quotes DokFLeed (Oct 09)
- Message not available
- Re: Magic Quotes DokFLeed (Oct 10)
- Message not available
- Re: Magic Quotes Tomek Perlak (Oct 10)
- RE: Magic Quotes Matt Fisher (Oct 11)
- Re: Magic Quotes Steve Slater (Oct 11)
- Re: Magic Quotes DokFLeed (Oct 15)
- Re: Magic Quotes Brad Lhotsky (Oct 16)
- Message not available
- Re: Magic Quotes DokFLeed (Oct 17)
- Re: Magic Quotes Brad Lhotsky (Oct 17)
- Re: Magic Quotes DokFLeed (Oct 17)