WebApp Sec mailing list archives
Java Code Scanning
From: "Peter Lee, Kah Chen" <peterlee () crimsonlogic com>
Date: Wed, 7 Jan 2004 14:57:16 +0800
Hi there and a good day to you,

Cutting to the chase: if I am to do a textual scan of a piece of Java application code for potentially malicious embedded code, what are the keywords to scan for?

For example, in the case of a C/C++ program, I might look for memory handling code, i.e. memcpy(), strcpy(), strdup(), memset(); system execution code, sys(), exec(), fork(), etc.; IPC & RPC calls; code which tries to access the password directory, that sort of thing.

The idea is not to look for bad code writing, but to identify/flag code which may have security implications for more detailed study or even a code walkthrough.

Does anyone have a list of keywords to search with?

Thanks!
Peter