Hello, I'd like to find vulnerabilities in my GWT applications. Thus, I prepared an example application with SQL injection and cross-site scripting holes. Now I want to find these holes with automatic tests. In my opinion, a static analysis is a reasonable way to do this. At (manually) searching the generated javascript, I located my variables in the first script-tag in the body and the corresponding function in the 18th script tag.
Now I have the following questions: - Is there a documentation of the GWT compiler available, that shows how the java source is translated into javascript? Hence, I could inspect only the part of the javascript that is related to my self-coded java and not to the framwork. - How can I identify standard parameters and functions (to skip them)? - Does anyone know a better solution to find the described vulnerabilities? - Do you have some hints to perform such a security analysis? Thanks in advance -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
