Secure Coding mailing list archives
Insecure Java Code Snippets
From: rklists at gmail.com (Rohit Sethi)
Date: Thu, 7 May 2009 12:05:29 -0400
Brad,

I recommend you approach this problem in reverse. Think of the bug you want people to hunt for and then put together an appropriate regular expression in Google Code Search (http://www.google.com/codesearch). For instance, "lang:java request getParameter .*price" might be a good starting point. After doing that search I found a few different possible vulns. Once you find a vulnerability you can extract as much or as little code out of it as you'd like. I use this often in class design.

Cheers,
Rohit

On Wed, May 6, 2009 at 6:49 PM, Brad Andrews <andrews at rbacomm.com> wrote:
I had the name wrong, it was PC-Lint. See http://www.gimpel.com/html/bugs.htm

That is what I am looking for, not just a general listing of bugs or insecure code. I want bugs that are hard to find and formatted like this. If I do create some and do it on my own (outside work), I will try to submit them to OWASP, possibly starting a project on that.

Try a few of the PC-Lint bugs, if you ever wrote C/C++ code. They can be really hard to figure out, though maybe not by all the smart people here! :)

Brad

_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
_______________________________________________
--
Rohit Sethi
Security Compass
http://www.securitycompass.com
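The search pattern quoted in the message above, applied to source files you already have on disk, as an added example that is not part of the original post. The function names and the two sample Java files are constructed for illustration; the regular expression is a local rendering of "lang:java request getParameter .*price", and trailing `//` comments are skipped so commented-out code is not reported.

```python
import re

# Local form of the page's query "lang:java request getParameter .*price":
# a request.getParameter(...) call with "price" later on the same line.
QUERY = re.compile(r"\brequest\s*\.\s*getParameter\s*\(.*price", re.IGNORECASE)
PARAM = re.compile(r'getParameter\s*\(\s*"([^"]*)"')  # literal parameter name

def strip_line_comment(line):
    """Remove a trailing // comment, ignoring // inside string literals."""
    in_string, i = False, 0
    while i < len(line):
        if in_string and line[i] == "\\":
            i += 2          # skip the escaped character
            continue
        if line[i] == '"':
            in_string = not in_string
        elif not in_string and line.startswith("//", i):
            return line[:i]
        i += 1
    return line

def find_candidates(files):
    """files maps path -> Java source; returns (path, line, param, code) hits."""
    hits = []
    for path, text in sorted(files.items()):
        for number, raw in enumerate(text.splitlines(), 1):
            code = strip_line_comment(raw)
            if QUERY.search(code):
                name = PARAM.search(code)
                hits.append((path, number, name.group(1) if name else None,
                             code.strip()))
    return hits

# Constructed sample sources (not taken from any real project).
SAMPLE = {
    "CheckoutServlet.java": "\n".join([
        'String id = request.getParameter("itemId");',
        'double price = Double.parseDouble(request.getParameter("price"));',
        '// double old = Double.parseDouble(request.getParameter("price"));',
    ]),
    "CatalogServlet.java": "\n".join([
        'String sku = request.getParameter("sku");',
        'BigDecimal price = catalog.lookupPrice(sku);',
        'String next = "http://shop.example/pay?amt=" + request.getParameter("unitPrice");',
    ]),
}

if __name__ == "__main__":
    for path, number, param, code in find_candidates(SAMPLE):
        print(f"{path}:{number}: parameter {param!r}: {code}")
```

Each hit is only a candidate for review: a reader still has to check whether the request-supplied price is trusted or re-derived on the server, as `CatalogServlet.java` does with its catalog lookup.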