Message-
From: sc-l-boun...@securecoding.org [mailto:sc-l-boun...@securecoding.org] On
Behalf Of Brad Andrews
Sent: Wednesday, May 06, 2009 1:41 PM
To: sc-l@securecoding.org
Subject: [SC-L] Insecure Java Code Snippets
Does anyone know of a source of insecure Java snippets? I would like to get
Larry Kilgallen wrote...
> So tell me what you think is easier in C/C++.
Well, just from a pure language POV, in comparing C++ with Java (sorry,
not qualified to comment on Ada), there is one advantage to C/C++ over
Java and that is in C++ I have a much higher level of confidence of
doing things t
At 9:15 AM -0400 5/8/09, SC-L Reader Dave Aronson wrote:
> ljknews wrote:
>> At 12:47 PM -0500 5/7/09, Brad Andrews wrote:
>>> Quoting ljknews :
At 5:49 PM -0500 5/6/09, Brad Andrews wrote:
> Try a few of the PC-Lint bugs, if you ever wrote C/C++ code.
> They can be really hard to fig
ljknews wrote:
> At 12:47 PM -0500 5/7/09, Brad Andrews wrote:
>> Quoting ljknews :
>>> At 5:49 PM -0500 5/6/09, Brad Andrews wrote:
Try a few of the PC-Lint bugs, if you ever wrote C/C++ code.
They can be really hard to figure out,
>>> And yet people keep choosing those programming lang
At 12:47 PM -0500 5/7/09, Brad Andrews wrote:
> Quoting ljknews :
>
>> At 5:49 PM -0500 5/6/09, Brad Andrews wrote:
>>
>>> Try a few of the PC-Lint bugs, if you ever wrote C/C++ code.
>>> They can be really hard to figure out,
>>
>> And yet people keep choosing those programming languages.
>
> T
On Thu, 7 May 2009, ljknews wrote:
> At 5:49 PM -0500 5/6/09, Brad Andrews wrote:
>
> > Try a few of the PC-Lint bugs, if you ever wrote C/C++ code.
> > They can be really hard to figure out,
>
> And yet people keep choosing those programming languages.
Yeah. Like the developers of the compiler
Quoting ljknews :
> At 5:49 PM -0500 5/6/09, Brad Andrews wrote:
>
>> Try a few of the PC-Lint bugs, if you ever wrote C/C++ code.
>> They can be really hard to figure out,
>
> And yet people keep choosing those programming languages.
They offer quite a bit of power in exchange for the danger.
Brad, I recommend you approach this problem in reverse. Think of the
bug you want people to hunt for and then put together an appropriate
regular expression in Google Code Search
(http://www.google.com/codesearch)
For instance "lang:java request getParameter .*price" might be a good
starting poin
At 5:49 PM -0500 5/6/09, Brad Andrews wrote:
> Try a few of the PC-Lint bugs, if you ever wrote C/C++ code.
> They can be really hard to figure out,
And yet people keep choosing those programming languages.
--
Larry Kilgallen
___
Secure Coding mailing
Brad,
I recently read a book called "Java Puzzlers"
(http://www.amazon.com/Java-TM-Puzzlers-Pitfalls-Corner/dp/032133678X/ref=sr_1_1?ie=UTF8&s=books&qid=1241707826&sr=8-1
). The book consists of small Java programs that appear to do one thing
but actually behave differently than expected. I guess t
I had the name wrong, it was PC-Lint.
See
http://www.gimpel.com/html/bugs.htm
That is what I am looking for, not just a general listing of bugs or
insecure code. I want bugs that are hard to find and formatted like
this. If I do create some and do it on my own (outside work), I will
try
ilton
703.698.7454
goertzel_ka...@bah.com
-Original Message-
From: sc-l-boun...@securecoding.org on behalf of Brad Andrews
Sent: Wed 06-May-09 13:41
To: sc-l@securecoding.org
Subject: [SC-L] Insecure Java Code Snippets
Does anyone know of a source of insecure Java snippets? I would li
Thanks Karen, that site may have enough of what I can use. Still a
bit of work to do, but worth pursuing. The other sources were a bit
too short on the snippets side, which is my fault for not making the
question better.
I don't know how many of you used to read the C-Lint ads that said
.7454
goertzel_ka...@bah.com
-Original Message-
From: sc-l-boun...@securecoding.org on behalf of Brad Andrews
Sent: Wed 06-May-09 13:41
To: sc-l@securecoding.org
Subject: [SC-L] Insecure Java Code Snippets
Does anyone know of a source of insecure Java snippets? I would like
to get som
On Wed, 6 May 2009, Brad Andrews wrote:
> Does anyone know of a source of insecure Java snippets? I would like
> to get some for a monthly meeting of leading technical people. My
> idea was to have a "find the bug" like the old C-Lint ads.
CWE has many snippets like this for various languages,
We keep a big catalog here:
http://www.fortify.com/vulncat
On 5/6/09 10:41 AM, "Brad Andrews" wrote:
>
>
>
> Does anyone know of a source of insecure Java snippets? I would like
> to get some for a monthly meeting of leading technical people. My
> idea was to have a "find the bug" like
Any Java education book, like Cay Horstmann's Core Java. Seriously.
- Jim
- Original Message -
From: "Brad Andrews"
To:
Sent: Wednesday, May 06, 2009 7:41 AM
Subject: [SC-L] Insecure Java Code Snippets
>
>
> Does anyone know of a source of insecure Java snip
Does anyone know of a source of insecure Java snippets? I would like
to get some for a monthly meeting of leading technical people. My
idea was to have a "find the bug" like the old C-Lint ads.
Does anyone know of a source of something like this?
Brad