Re: web application audit ideas needed

[exon <exon () home se>]

learn lids wrote:
> hi everyone
>
> i am a newbie to this filed of webappsec. for a
> research project, i am looking at source audit of web
> app. it has activex components etc. 
>
> what all sould be covered vis-a-vis security
> prespective? could someone maybe throw some ideas for
> apps which I can cover for my practice - maybe a good
> meduim sized open source app ?

Good open source apps don't use Active X. Partly because it (Active X) 
is a flawed concept, and partly because most open source coders aren't 
particularly fond of MS and have no wish to write code that won't work 
with other open source apps.

Your best bet would probably be scanning the university projects for 
someone who has done roughly the same before (and maybe written their 
own for an example).

/exon