Web Application Security
Google code search Oct 05 2006 06:08AM Stephen de Vries (stephen corsaire com) (3 replies)
To be honest, I didn't even know codesearch existed.
Everything has its pros and cons, what you gonna do? :)
Thanks for sharing.
Regards,
Zapotek.
On 10/5/06, Stephen de Vries <stephen (at) corsaire (dot) com [email concealed]> wrote:
>
> Google's code search provides an easy way to find obvious software
> flaws in open source and example applications, e.g.:
>
> XSS in Java apps
> http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter&btnG=Search
>
> (Really obvious) SQL Injection in Java apps:
> http://www.google.com/codesearch?hl=en&lr=&q=executeQuery.*getParameter&btnG=Search
>
> Ever wonder why we're still seeing XSS in 2006?:
> http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter+package%3A%28oreilly%7Capress.com%29&btnG=Search
>
>
> --
> Stephen de Vries
> Corsaire Ltd
> E-mail: stephen (at) corsaire (dot) com [email concealed]
> Tel: +44 1483 226014
> Fax: +44 1483 226068
> Web: http://www.corsaire.com
--
__________________________________________________________
http://www.segfault.gr
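As an added example (not part of the original posts), the two search patterns quoted above can be run against your own source tree as a code-review check. The regexes are the URL-decoded queries from the post; the function names, file suffixes and the sample snippet are constructed for illustration.

```python
import re
from pathlib import Path

# The two regexes from the quoted post, URL-decoded.
PATTERNS = {
    "request-parameter-in-jsp-expression": re.compile(r"<%=.*getParameter"),
    "request-parameter-in-executeQuery": re.compile(r"executeQuery.*getParameter"),
}
SOURCE_SUFFIXES = {".jsp", ".jspf", ".java"}  # assumption: adjust to your project


def scan_text(text, name="<memory>"):
    """Return (name, line_number, rule, line) for every line matching a pattern."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((name, lineno, rule, line.strip()))
    return findings


def scan_tree(root):
    """Scan every JSP/Java file under root (a checkout of your own code)."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in SOURCE_SUFFIXES:
            findings += scan_text(path.read_text(errors="replace"), str(path))
    return findings


# Constructed sample: two flawed lines, followed by their corrected forms
# (output escaping via JSTL c:out, and a parameterised PreparedStatement).
SAMPLE = '''\
<p>Hello <%= request.getParameter("name") %></p>
rs = stmt.executeQuery("SELECT * FROM users WHERE id=" + request.getParameter("id"));
<p>Hello <c:out value="${param.name}"/></p>
PreparedStatement ps = conn.prepareStatement("SELECT * FROM users WHERE id=?");
ps.setString(1, request.getParameter("id"));
rs = ps.executeQuery();
'''

if __name__ == "__main__":
    for name, lineno, rule, line in scan_text(SAMPLE, "sample.jsp"):
        print(f"{name}:{lineno}: {rule}: {line}")
```

Both patterns are line-based, so a parameter that is first copied into a variable and used on a later line is not flagged; treat a clean result as the absence of the obvious cases only.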