WebApp Sec mailing list archives
Re: Google code search
From: Zapotek <zapotekzsp () gmail com>
Date: Thu, 5 Oct 2006 09:46:09 +0300
Most interesting, To be honest, I didn't even knew codesearch existed. Everything has it's pros and cons, what you gonna do? :) Thanks for sharing. Regards, Zapotek. On 10/5/06, Stephen de Vries <stephen () corsaire com> wrote:
Google's code search provides an easy way to find obvious software flaws in open source and example applications, e.g.: XSS in Java apps http://www.google.com/codesearch?hl=en&lr=&q=%3C%25% 3D.*getParameter&btnG=Search (Really obvious) SQL Injection in Java apps: http://www.google.com/codesearch? hl=en&lr=&q=executeQuery.*getParameter&btnG=Search Ever wonder why we're still seeing XSS in 2006?: http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter +package%3A%28oreilly%7Capress.com%29&btnG=Search -- Stephen de Vries Corsaire Ltd E-mail: stephen () corsaire com Tel: +44 1483 226014 Fax: +44 1483 226068 Web: http://www.corsaire.com ------------------------------------------------------------------------- Sponsored by: Watchfire Watchfire has new programs available for pen testers and consultants to use AppScan in client engagements. AppScan is the leading Web application assessment tool. Want to see it for yourself? Take a look today! https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz --------------------------------------------------------------------------
-- __________________________________________________________ http://www.segfault.gr ------------------------------------------------------------------------- Sponsored by: WatchfireWatchfire has new programs available for pen testers and consultants to use AppScan in client engagements. AppScan is the leading Web application assessment tool. Want to see it for yourself? Take a look today!
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz --------------------------------------------------------------------------
Current thread:
- Google code search Stephen de Vries (Oct 04)
- Re: Google code search Zapotek (Oct 05)
- Re: Google code search Ryan Barnett (Oct 05)
- Magic Quotes DokFLeed (Oct 09)
- Message not available
- Re: Magic Quotes DokFLeed (Oct 10)
- Message not available
- Re: Magic Quotes Tomek Perlak (Oct 10)
- RE: Magic Quotes Matt Fisher (Oct 11)
- Re: Magic Quotes Steve Slater (Oct 11)
- Re: Magic Quotes DokFLeed (Oct 15)
- Re: Magic Quotes Brad Lhotsky (Oct 16)
- Message not available
- Re: Magic Quotes DokFLeed (Oct 17)
- Re: Magic Quotes Brad Lhotsky (Oct 17)