Brad, I recommend you approach this problem in reverse. Think of the bug you want people to hunt for and then put together an appropriate regular expression in Google Code Search (http://www.google.com/codesearch).
For instance "lang:java request getParameter .*price" might be a good starting point. After doing that search I found a few different possible vulns. Once you find a vulnerability you can extract as much or as little code out of it as you'd like. I use this often in class design.

Cheers,

Rohit

On Wed, May 6, 2009 at 6:49 PM, Brad Andrews <andr...@rbacomm.com> wrote:
>
> I had the name wrong, it was PC-Lint.
>
> See
>
> http://www.gimpel.com/html/bugs.htm
>
> That is what I am looking for, not just a general listing of bugs or
> insecure code. I want bugs that are hard to find and formatted like
> this. If I do create some and do it on my own (outside work), I will
> try to submit them to OWASP, possibly starting a project on that.
>
> Try a few of the PC-Lint bugs, if you ever wrote C/C++ code. They can
> be really hard to figure out, though maybe not by all the smart people
> here! :)
>
> Brad
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L@securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> as a free, non-commercial service to the software security community.
> _______________________________________________
>

--
Rohit Sethi
Security Compass
http://www.securitycompass.com
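
The search described in the message above, as an added example that is not part of the original post: a Python scan over Java source for `request.getParameter` calls whose parameter name contains "price", returning as much or as little surrounding code as requested. The regex, the function name `find_candidates` and the sample servlet are assumptions constructed for illustration.

```python
import re

# Local equivalent of the search terms "request getParameter .*price":
# a getParameter call whose parameter name contains "price" (any case).
PRICE_PARAM = re.compile(
    r'\brequest\s*\.\s*getParameter\s*\(\s*"([^"]*price[^"]*)"\s*\)',
    re.IGNORECASE,
)

# Constructed sample source, not taken from any real project.
SAMPLE_JAVA = '''\
public class CheckoutServlet extends HttpServlet {
    protected void doPost(HttpServletRequest request, HttpServletResponse response) {
        String sku = request.getParameter("sku");
        int qty = Integer.parseInt(request.getParameter("qty"));
        // Price is taken from the client instead of the catalogue
        double price = Double.parseDouble(request.getParameter("unitPrice"));
        double total = price * qty;
        orderService.charge(sku, total);
    }
}
'''


def find_candidates(source, context=1):
    """Return (line_no, param_name, snippet) per hit, with `context` lines on each side."""
    lines = source.splitlines()
    hits = []
    for idx, line in enumerate(lines):
        match = PRICE_PARAM.search(line)
        if match:
            lo = max(0, idx - context)
            hi = min(len(lines), idx + context + 1)
            hits.append((idx + 1, match.group(1), "\n".join(lines[lo:hi])))
    return hits


if __name__ == "__main__":
    # A wider context gives a larger excerpt to hand out as an exercise.
    for line_no, param, snippet in find_candidates(SAMPLE_JAVA, context=2):
        print(f"line {line_no}: parameter {param!r}\n{snippet}\n")
```

A hit is only a candidate for review: whether the value is trusted for billing still has to be confirmed by reading the surrounding code.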