News Feed
Jobs Feed
Sections




News Archive
O'Reilly:
Using Google Code Search to Find Security Bugs
by Chris Cornutt October 13, 2006 @ 10:24:00

On the O'Reilly OnLamp.com site, there's a bit more in-depth look at using the (now infamous) Google Code Search to locate issues with scripts that have been collected over time.

I've written about using Google to find security flaws in the past. However, thanks to Google Code Search, it is now easier to scan publicly available source code for potential security issues. The idea is query Google Code Search using techniques previously reserved for local static code analysis.

The examples he gives include a search for SQL injection in a Java application, a SQL injection in a PHP application, and a cross-site scripting problem in a PHP app blindly echoing out the user's input.

He also includes a few links to some code analysis tools that can be used to help prevent some of these issues - Flawfinder, RATS, and SWAAT

1 comment voice your opinion now!
google search find security bugs analysis tool google search find security bugs analysis tool


blog comments powered by Disqus

Similar Posts

RosSoft Blog: Tutorial - Web based search engine for Flickr

Sharon Levy's Blog: PHP Version

DZone.com: Hardening PHP: How to securely include remote code (part 1)

Pierre-Alain Joye's Blog: PHP Security Conference in Paris, 2007/01/29

DeveloperWorld: InfoWorld review: Eight PHP power tools


 Community Events











Don't see your event here?
Let us know!

introduction interview functional community opinion symfony2 development usergroup language series zendframework2 release rest database unittest conference framework testing phpunit podcast

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework