Most interesting,
To be honest, I didn't even knew codesearch existed.
Everything has it's pros and cons, what you gonna do? :)
Thanks for sharing.
Regards,
Zapotek.
On 10/5/06, Stephen de Vries <stephen@corsaire.com> wrote:
Google's code search provides an easy way to find obvious software
flaws in open source and example applications, e.g.:
XSS in Java apps
http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%
3D.*getParameter&btnG=Search
(Really obvious) SQL Injection in Java apps:
http://www.google.com/codesearch?
hl=en&lr=&q=executeQuery.*getParameter&btnG=Search
Ever wonder why we're still seeing XSS in 2006?:
http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter
+package%3A%28oreilly%7Capress.com%29&btnG=Search
--
Stephen de Vries
Corsaire Ltd
E-mail: stephen@corsaire.com
Tel: +44 1483 226014
Fax: +44 1483 226068
Web: http://www.corsaire.com
-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire has new programs available for pen testers and consultants to
use AppScan in client engagements. AppScan is the leading Web application
assessment tool. Want to see it for yourself? Take a look today!
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz
--------------------------------------------------------------------------
--
__________________________________________________________
http://www.segfault.gr
-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire has new programs available for pen testers and consultants to
use AppScan in client engagements. AppScan is the leading Web application
assessment tool. Want to see it for yourself? Take a look today!
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz
--------------------------------------------------------------------------
