Re: Google code search

[Zapotek <zapotekzsp () gmail com>]

Most interesting,
To be honest, I didn't even knew codesearch existed.

Everything has it's pros and cons, what you gonna do? :)

Thanks for sharing.

Regards,
Zapotek.

On 10/5/06, Stephen de Vries <stephen () corsaire com> wrote:
> Google's code search provides an easy way to find obvious software
> flaws in open source and example applications, e.g.:
>
> XSS in Java apps
> http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%
> 3D.*getParameter&btnG=Search
>
> (Really obvious) SQL Injection in Java apps:
> http://www.google.com/codesearch?
> hl=en&lr=&q=executeQuery.*getParameter&btnG=Search
>
> Ever wonder why we're still seeing XSS in 2006?:
> http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter
> +package%3A%28oreilly%7Capress.com%29&btnG=Search
>
>
> --
> Stephen de Vries
> Corsaire Ltd
> E-mail: stephen () corsaire com
> Tel:    +44 1483 226014
> Fax:    +44 1483 226068
> Web:    http://www.corsaire.com
>
>
>
>
>
> -------------------------------------------------------------------------
> Sponsored by: Watchfire
>
> Watchfire has new programs available for pen testers and consultants to
> use AppScan in client engagements. AppScan is the leading Web application
> assessment tool. Want to see it for yourself? Take a look today!
>
> https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz
> --------------------------------------------------------------------------


--
__________________________________________________________
http://www.segfault.gr

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire has new programs available for pen testers and consultants to 
use AppScan in client engagements. AppScan is the leading Web application 
assessment tool. Want to see it for yourself? Take a look today!

https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz
--------------------------------------------------------------------------