Secure Coding mailing list archives
[WEB SECURITY] RE: blog post and open source vulnerabilities to blog about
From: coley at linus.mitre.org (Steven M. Christey)
Date: Thu, 18 Mar 2010 17:40:11 -0400 (EDT)
CWE, CLASP, and some other information sources have a number of code snippets that highlight various weaknesses. In CWE, this code is easily extractable from the XML by grabbing the Demonstrative_Examples element, and we've even conveniently labeled examples with the various languages. You could also grab the CVE real-world examples from the Observed_Examples element.

Note that the code examples are by no means complete, but they might be good enough to start with.

If you pore through CVE, you will soon realize that it can be very time-consuming to go from a real-world open-source vuln report to the actual code snippet.

- Steve
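
Added example, not part of the message above and not MITRE's own tooling: one way to pull the Demonstrative_Examples snippets and the Observed_Examples CVE references out of CWE XML, optionally filtered by language. The child element and attribute names (Example_Code, Language, Nature, Reference) and the sample catalog are assumptions constructed for illustration; check them against the schema version you download.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not real CWE data. Only Demonstrative_Examples and
# Observed_Examples are named in the message; the child element and attribute
# names below are assumptions and differ between CWE schema versions.
SAMPLE = """<Weakness_Catalog xmlns="urn:example:cwe">
  <Weakness ID="0000" Name="Constructed weakness">
    <Demonstrative_Examples>
      <Demonstrative_Example>
        <Intro_Text>Copies input into a fixed buffer.</Intro_Text>
        <Example_Code Nature="bad" Language="C">char b[8]; strcpy(b, in);</Example_Code>
        <Example_Code Nature="good" Language="C">char b[8]; snprintf(b, sizeof b, "%s", in);</Example_Code>
      </Demonstrative_Example>
    </Demonstrative_Examples>
    <Observed_Examples>
      <Observed_Example><Reference>CVE-0000-0000</Reference></Observed_Example>
    </Observed_Examples>
  </Weakness>
  <Weakness ID="0001" Name="No examples"/>
</Weakness_Catalog>"""

def local(tag):
    """Strip the '{namespace}' prefix so lookups survive namespace changes."""
    return tag.rsplit("}", 1)[-1]

def descendants(elem, name):
    """All elements under elem whose local (namespace-free) name matches."""
    return [c for c in elem.iter() if local(c.tag) == name]

def extract(xml_text, language=None):
    """Return one record per weakness that has at least one matching snippet."""
    out = []
    for w in descendants(ET.fromstring(xml_text), "Weakness"):
        snippets = []
        for demo in descendants(w, "Demonstrative_Examples"):
            for code in descendants(demo, "Example_Code"):
                lang = code.get("Language", "")
                if language and lang.lower() != language.lower():
                    continue
                # itertext() flattens any markup nested inside the snippet
                text = "".join(code.itertext()).strip()
                snippets.append((lang, code.get("Nature", ""), text))
        cves = ["".join(r.itertext()).strip()
                for obs in descendants(w, "Observed_Examples")
                for r in descendants(obs, "Reference")]
        if snippets:
            out.append({"id": w.get("ID"), "snippets": snippets, "observed": cves})
    return out
```

The parser assumes the catalog comes from a source you trust; for XML of unknown origin, parse it with a hardened library such as defusedxml instead of the standard-library parser.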