News Feed

News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Using Google Code Search to Find Security Bugs
October 13, 2006 @ 10:24:00

On the O'Reilly site, there's a bit more in-depth look at using the (now infamous) Google Code Search to locate issues with scripts that have been collected over time.

I've written about using Google to find security flaws in the past. However, thanks to Google Code Search, it is now easier to scan publicly available source code for potential security issues. The idea is query Google Code Search using techniques previously reserved for local static code analysis.

The examples he gives include a search for SQL injection in a Java application, a SQL injection in a PHP application, and a cross-site scripting problem in a PHP app blindly echoing out the user's input.

He also includes a few links to some code analysis tools that can be used to help prevent some of these issues - Flawfinder, RATS, and SWAAT

1 comment voice your opinion now!
google search find security bugs analysis tool google search find security bugs analysis tool

blog comments powered by Disqus

Similar Posts PhpDig excels at small Web site indexing

SitePoint PHP Blog: Unserialize Yahoo! search results

Ask About PHP Blog: Google Analytics API class for PHP

Zend Developer Zone: Security Tip of the Week

Etienne Kneuss' Blog: Dataflow Type Analysis for PHP

Community Events

Don't see your event here?
Let us know!

community part2 laravel opinion interview series symfony testing list project introduction php7 example framework podcast composer yii2 application api language

All content copyright, 2015 :: - Powered by the Solar PHP Framework