Penetration Testing mailing list archives
java source code audit
From: Guillermo Caminer <gcaminer () flowgate net>
Date: Wed, 3 Oct 2007 20:21:40 -0300
Hi list!

I'm doing a source code audit of a client-server application developed in Java. They're using Hibernate, so I'm discarding SQL injection vulnerabilities. Because they developed a client of their own instead of using a Web browser, I'm discarding XSS, parameter tampering, XST, etc... Also, they don't have any 'Bad session store' vulnerabilities. Finally, because of Java, buffer overflows are out of the picture.

My question is: what kind of vulnerability should I check for?

Thanks in advance!