WebApp Sec mailing list archives

Java Code Scanning


From: "Peter Lee, Kah Chen" <peterlee () crimsonlogic com>
Date: Wed, 7 Jan 2004 14:57:16 +0800

Hi there and a good day to you,

Cutting to the chase; if I am to do a textual scan of a piece of Java
application code for potential malicious code embedded, what are the key
words to scan for?

For example, in the case of a C/C++ program, I might look for memory
handling code, i.e. memcpy(), strcpy(), strdup(), memset(); system
execution code such as sys(), exec(), fork(), etc.; IPC & RPC calls; code which
tries to access the password directory, that sort of thing.

The idea is not to look for bad code writing, but to identify/flag code
which may have security implications for more detailed study or even a
code walkthrough.

Anyone have a list of keywords to search with?

Thanks!

Peter
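The kind of first-pass textual scan asked about above, written as an added example that is not part of the original post. The keyword list in SENSITIVE_PATTERNS is my own starting set of Java APIs that usually deserve a closer look in a review (process execution, reflection and dynamic class loading, deserialization, file and socket access, security-manager changes, JDBC statement execution, native methods, hard-coded credential literals), not a list from the mailing list. The scanner blanks out `//` and `/* */` comments so line numbers survive but commented-out calls do not produce noise, while string literals are deliberately left in place because a suspicious string is itself worth flagging. The Java source in SAMPLE_JAVA is constructed for the demonstration.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumed starting keyword set for a review triage (my suggestion, not the post's).
# Each category maps to regexes that are tried line by line after comment stripping.
SENSITIVE_PATTERNS: dict[str, list[str]] = {
    "process execution": [r"Runtime\.getRuntime\(\)\.exec\b", r"\bProcessBuilder\b"],
    "reflection / dynamic loading": [
        r"Class\.forName\b", r"\.getMethod\(", r"\.invoke\(", r"\bClassLoader\b",
        r"\bdefineClass\b", r"System\.loadLibrary\b", r"System\.load\(",
    ],
    "deserialization": [r"\bObjectInputStream\b", r"\.readObject\("],
    "file system": [
        r"java\.io\.File\b", r"\bFileInputStream\b", r"\bFileOutputStream\b",
        r"\bRandomAccessFile\b", r"Files\.(read|write|delete|copy|move)",
    ],
    "network": [r"\bServerSocket\b", r"\bSocket\(", r"\bURL\("],
    "security manager / privileges": [
        r"setSecurityManager", r"AccessController\.doPrivileged", r"setAccessible\(true\)",
    ],
    "database": [r"\.executeQuery\(", r"\.executeUpdate\(", r"\.execute\(", r"createStatement\("],
    "native code": [r"\bnative\b"],
    "credential-like literal": [r"(?i)(password|passwd|secret)\s*=\s*\""],
}
COMPILED = {cat: [re.compile(p) for p in pats] for cat, pats in SENSITIVE_PATTERNS.items()}


@dataclass(frozen=True)
class Finding:
    line: int        # 1-based line number in the original source
    category: str    # key of SENSITIVE_PATTERNS
    pattern: str     # the regex that fired
    text: str        # the original source line, stripped


def strip_comments(src: str) -> str:
    """Replace // and /* */ comment bodies with spaces, keeping every newline so
    line numbers are unchanged. String and char literals are kept verbatim."""
    out: list[str] = []
    i, n, state = 0, len(src), "code"   # states: code | line | block | string | char
    while i < n:
        c = src[i]
        nxt = src[i + 1] if i + 1 < n else ""
        if state == "code":
            if c == "/" and nxt == "/":
                state = "line"; out.append("  "); i += 2; continue
            if c == "/" and nxt == "*":
                state = "block"; out.append("  "); i += 2; continue
            if c == '"':
                state = "string"
            elif c == "'":
                state = "char"
            out.append(c)
        elif state == "line":
            out.append(c if c == "\n" else " ")
            if c == "\n":
                state = "code"
        elif state == "block":
            if c == "*" and nxt == "/":
                state = "code"; out.append("  "); i += 2; continue
            out.append(c if c == "\n" else " ")
        else:  # inside a string or char literal: copy through, honouring escapes
            out.append(c)
            if c == "\\" and i + 1 < n:
                out.append(src[i + 1]); i += 2; continue
            if (state == "string" and c == '"') or (state == "char" and c == "'"):
                state = "code"
        i += 1
    return "".join(out)


def scan_java(src: str) -> list[Finding]:
    """Return every sensitive-API hit, one Finding per (line, pattern)."""
    original = src.splitlines()
    findings: list[Finding] = []
    for lineno, line in enumerate(strip_comments(src).splitlines(), start=1):
        for category, regexes in COMPILED.items():
            for rx in regexes:
                if rx.search(line):
                    findings.append(Finding(lineno, category, rx.pattern, original[lineno - 1].strip()))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Hit count per category, handy for deciding where the walkthrough should start."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Constructed sample input: two commented-out exec calls that must NOT be flagged,
# plus a hard-coded credential, process spawning, reflection and deserialization.
SAMPLE_JAVA = """import java.io.*;
public class Report {
    // Runtime.getRuntime().exec("ls") -- only a comment, must not be flagged
    static final String DB_PASSWORD = "hunter2";
    void run(String user) throws Exception {
        /* Process p = Runtime.getRuntime().exec(user); */
        Process p = new ProcessBuilder("ls", "-l", user).start();
        Class<?> c = Class.forName(user);
        ObjectInputStream in = new ObjectInputStream(new FileInputStream("/tmp/x"));
        Object o = in.readObject();
    }
}
"""

if __name__ == "__main__":
    for f in scan_java(SAMPLE_JAVA):
        print(f"line {f.line:>3}  [{f.category}]  {f.text}")
    print(summarize(scan_java(SAMPLE_JAVA)))
```

On the constructed sample the scan reports lines 4, 7, 8, 9 and 10 and stays silent on the two comments. A hit is only a pointer for the walkthrough the post mentions, not a verdict: each flagged line still has to be read in context, and anything built from concatenated strings or reflection to avoid these literal names will not show up in a purely textual pass.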

