Web Application Security
Re: Google code search Oct 05 2006 12:55PM
Ryan Barnett (rcbarnett gmail com)
Thumbs Up for Google labs.
Thumbs Down for poor security coding.

This looks somewhat similar to Bugle -
http://www.cipher.org.uk/index.php?p=projects/bugle.project

Nice find Stephen.

--
Ryan C. Barnett
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache

On 10/5/06, Stephen de Vries <stephen (at) corsaire (dot) com [email concealed]> wrote:
>
> Google's code search provides an easy way to find obvious software
> flaws in open source and example applications, e.g.:
>
> XSS in Java apps
> http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter&btnG=Search
>
> (Really obvious) SQL Injection in Java apps:
> http://www.google.com/codesearch?hl=en&lr=&q=executeQuery.*getParameter&btnG=Search
>
> Ever wonder why we're still seeing XSS in 2006?:
> http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter+package%3A%28oreilly%7Capress.com%29&btnG=Search
>
>
> --
> Stephen de Vries
> Corsaire Ltd
> E-mail: stephen (at) corsaire (dot) com [email concealed]
> Tel: +44 1483 226014
> Fax: +44 1483 226068
> Web: http://www.corsaire.com
>
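The two search patterns in Stephen's post, run over constructed sample code as an added example (not code from the original thread or from Google's tool). The sample file names and contents are made up; the second scanner, a crude single-variable taint check, goes beyond the post to show the kind of flaw a one-line pattern misses.

```python
import re

# Constructed sample files, not taken from any real project. The first two
# contain the "really obvious" patterns the post searches for; the *_fixed
# versions use JSTL escaping and a PreparedStatement; the last hides the same
# SQL injection behind a local variable, which a single-line pattern cannot see.
SAMPLES = {
    "hello.jsp": '<p>Hi <%= request.getParameter("name") %></p>\n',
    "hello_fixed.jsp": '<p>Hi <c:out value="${param.name}"/></p>\n',
    "Lookup.java": 'rs = st.executeQuery("SELECT * FROM t WHERE uid=" + request.getParameter("id"));\n',
    "Lookup_fixed.java": ('ps = c.prepareStatement("SELECT * FROM t WHERE uid=?");\n'
                          'ps.setString(1, request.getParameter("id"));\n'
                          'rs = ps.executeQuery();\n'),
    "Lookup_indirect.java": ('String who = request.getParameter("id");\n'
                             'rs = st.executeQuery("SELECT * FROM t WHERE uid=" + who);\n'),
}

# The post's two Google Code Search queries, URL-decoded:
#   %3C%25%3D.*getParameter  ->  <%=.*getParameter  (JSP expression echoes a parameter)
#   executeQuery.*getParameter                      (query text built from a parameter)
PATTERNS = {
    "xss": re.compile(r"<%=.*getParameter"),
    "sqli": re.compile(r"executeQuery.*getParameter"),
}

def grep_scan(sources):
    """Apply the post's patterns line by line, as a code search engine does."""
    hits = {}
    for name, text in sources.items():
        for label, rx in PATTERNS.items():
            if any(rx.search(line) for line in text.splitlines()):
                hits.setdefault(name, []).append(label)
    return hits

# Crude taint check (hypothetical, not from the post): a variable assigned from
# getParameter() that later appears inside executeQuery(...) or a <%= ... %> expression.
ASSIGN = re.compile(r"\b(\w+)\s*=\s*request\.getParameter\(")
SINKS = {"sqli": r"executeQuery\([^;]*\b{v}\b", "xss": r"<%=[^%]*\b{v}\b"}

def flow_scan(sources):
    hits = {}
    for name, text in sources.items():
        for var in ASSIGN.findall(text):
            for label, sink in SINKS.items():
                if re.search(sink.format(v=re.escape(var)), text):
                    hits.setdefault(name, []).append(label)
    return hits

if __name__ == "__main__":
    print("grep:", grep_scan(SAMPLES))  # {'hello.jsp': ['xss'], 'Lookup.java': ['sqli']}
    print("flow:", flow_scan(SAMPLES))  # {'Lookup_indirect.java': ['sqli']}
```

The grep pass finds exactly the two obvious cases and stays quiet on the fixed files, while the indirect case only shows up once the parameter is followed into the variable it was stored in.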

Copyright 2010, SecurityFocus