Web Application Security
Google code search
Oct 05 2006 06:08AM
Stephen de Vries (stephen corsaire com)
Google's code search provides an easy way to find obvious software
flaws in open source and example applications, e.g.:
XSS in Java apps
http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter&btnG=Search
(Really obvious) SQL Injection in Java apps:
http://www.google.com/codesearch?hl=en&lr=&q=executeQuery.*getParameter&btnG=Search
Ever wonder why we're still seeing XSS in 2006?:
http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter+package%3A%28oreilly%7Capress.com%29&btnG=Search
--
Stephen de Vries
Corsaire Ltd
E-mail: stephen (at) corsaire (dot) com [email concealed]
Tel: +44 1483 226014
Fax: +44 1483 226068
Web: http://www.corsaire.com
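
An added example, not part of the original post: the two expressions from the search URLs above (URL-decoded), applied line by line to your own JSP and Java sources as a quick audit. The sample files, rule names and function names are constructed for illustration; `Report.java` shows a case the single-line patterns miss, where the parameter is stored in a variable before reaching the query.

```python
import re
import sys

# The two expressions from the post's search URLs, URL-decoded.
PATTERNS = {
    "xss-jsp-expression": re.compile(r"<%=.*getParameter"),
    "sqli-executeQuery": re.compile(r"executeQuery.*getParameter"),
}

# Constructed sample sources (not taken from any real project).
SAMPLES = {
    "hello.jsp": (
        '<p>Hello <%= request.getParameter("name") %></p>\n'   # flagged
        '<p>Hello <c:out value="${param.name}"/></p>\n'        # escaped output
    ),
    "UserDao.java": (
        'rs = st.executeQuery("SELECT * FROM u WHERE id=" + req.getParameter("id"));\n'
        'ps = con.prepareStatement("SELECT * FROM u WHERE id=?");\n'
        'ps.setString(1, req.getParameter("id"));\n'           # bound parameter
        'rs = ps.executeQuery();\n'
    ),
    "Report.java": (
        'String id = req.getParameter("id");\n'                # taint stored first
        'rs = st.executeQuery("SELECT * FROM r WHERE id=" + id);\n'  # missed
    ),
}

def scan_text(name, text):
    """Return (file, line_no, rule, line) for every line matching a pattern."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, rx in PATTERNS.items():
            if rx.search(line):
                findings.append((name, line_no, rule, line.strip()))
    return findings

def scan_all(files):
    """Scan a {name: source_text} mapping in sorted file-name order."""
    findings = []
    for name in sorted(files):
        findings.extend(scan_text(name, files[name]))
    return findings

if __name__ == "__main__":
    # Scan files named on the command line, or the constructed samples.
    files = {p: open(p, errors="replace").read() for p in sys.argv[1:]} or SAMPLES
    for name, line_no, rule, line in scan_all(files):
        print(f"{name}:{line_no}: {rule}: {line}")
```

A clean result from these patterns does not mean the code is safe: they only catch the parameter read and the sink on the same line, so flows like the one in `Report.java` need data-flow analysis or manual review.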