The NIST SAMATE Reference Dataset has mainly C code in it, but there is also
Java, C++, and PHP. There's a search function that allows you to search by
programming language to find what you want.
http://samate.nist.gov/SRD/
--
Karen Mercedes Goertzel, CISSP
Booz Allen Hamilton
703.698.7454
goer
I heard that http://www.twitter.com is a fun one, too. LITTERED with major
vulns.
- Jim
- Original Message -
From: "security curmudgeon"
To: "Jeremy Epstein"
Cc:
Sent: Wednesday, May 06, 2009 7:17 AM
Subject: Re: [SC-L] Seeking vulnerable server-side scripts
>
> : There are several
Use google codesearch:
http://www.google.com/codesearch?hl=en&lr=&q=select.*from.*%5C%24_%28GET%7CPOST%7CCOOKIES%29+lang%3Aphp&btnG=Search
http://www.google.com/codesearch?hl=en&lr=&q=input.*type%3Dhidden.*%3D.*%5C%24_%28GET%7CPOST%7CCOOKIE%29&btnG=Search
http://www.google.com/codesearch?hl=en&l
On Wed, 6 May 2009, Brad Andrews wrote:
> Does anyone know of a source of insecure Java snippets? I would like
> to get some for a monthly meeting of leading technical people. My
> idea was to have a "find the bug" like the old C-Lint ads.
CWE has many snippets like this for various languages,
We keep a big catalog here:
http://www.fortify.com/vulncat
On 5/6/09 10:41 AM, "Brad Andrews" wrote:
>
>
>
> Does anyone know of a source of insecure Java snippets? I would like
> to get some for a monthly meeting of leading technical people. My
> idea was to have a "find the bug" like
Any Java education book, like Cay Horstmann's Core Java. Seriously.
- Jim
- Original Message -
From: "Brad Andrews"
To:
Sent: Wednesday, May 06, 2009 7:41 AM
Subject: [SC-L] Insecure Java Code Snippets
>
>
> Does anyone know of a source of insecure Java snippets? I would like
> to ge
Jeremy,
CVE is littered with these kinds of issues, for PHP especially. The
scripts are often open source, fully-functional packages that just happen
to have lots of security issues. Sometimes the root cause is buried
fairly deep in the code, but the people who find these bugs often care
only a
Hi Jeremy,
: I'm experimenting (on paper initially) with a technique for improving
: resiliency of web applications, and to do so am looking for examples
: of server side scripts (PHP, Perl, whatever) that have security
: vulnerabilities, to see if the technique would work. If you have
: If the
: There are several applications designed specifically for this:
:
: Mutillidae
: http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
:
: Foundstone's Hacme Bank and Hacme Travel
: http://www.foundstone.com/us/resources-free-tools.asp
:
: WebGoat
: h
Does anyone know of a source of insecure Java snippets? I would like
to get some for a monthly meeting of leading technical people. My
idea was to have a "find the bug" like the old C-Lint ads.
Does anyone know of a source of something like this?
Brad
Greetings,
I'm experimenting (on paper initially) with a technique for improving
resiliency of web applications, and to do so am looking for examples
of server side scripts (PHP, Perl, whatever) that have security
vulnerabilities, to see if the technique would work. If you have
scripts you'd be w