I was reading Shreeraj's article about source code review, and overall it is a basic yet simple article on source code reviewing. In the article, he takes the audience from dependency determination through to mitigation and countermeasures for a web application. On top of that, he included a tool he coded himself called "scancode", which is used to scan source code for potential entry points for XSS and SQLi. This is a must-read for those who want to know more about the source code review process and methodology. Download scancode on page 3 of the article, right at the bottom.
http://www.oreillynet.com/pub/a/sysadmin/2006/11/02/webapp_security_scans.html
These days, I am so involved with application security that I have neglected the networking area. Well, I am trying to shift myself slowly away from the technical side of things and wish to be more involved in business and development stuff. However, I will still keep myself abreast of the latest stuff that is going around in the security world.
The Hacka Man
Sunday, 30 September 2007
Have you downloaded your scancode?
07.31