PHPDeveloper.org: O'Reilly: Using Google Code Search to Find Security Bugs

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: TEKSystems (Recruiter) Seeks PHP Web Application Developers (Tampa, FL)

Job Posting: Quinstreet, Inc. Seeks Sr. PHP Developer (Foster City, CA)

Job Posting: WideEye Interactive/Moroch Advertising Seeks Web Developer (Dallas, TX)

Job Posting: Project People Ltd (Recruiter) Seeks PHP Developer (Paris, France)

Job Posting: Snelling (Recruiter) Seeks Web Programmer (Boston, MA)

Job Posting: Veedow Seeks Senior PHP Developer/Architect (London, UK)

Job Posting: Apex Systems (Recruiter) Seeks PHP Web Developers (Tampa, FL)

Job Posting: WordStream Seeks Web Application Developer (Needham, MA)

Job Posting: JS Creative Seeks Web Developer (Atlanta, GA)

Job Posting: Kodak Graphic Communications Group Seeks PHP Application Developer (Stamford, CT)

News Archive

Community News: PHP Advent 2008

Ibuildings Blog: Zend_Paginator: First Impressions

Community News: Latest PECL Releases for 12.02.2008

Till's Blog: ZendFramework (performance) II

Sebastian Bergmann's Blog: Freezing and Thawing PHP Objects

Jani Hartikainen's Blog: NetBeans 6.5 review (with PHP support)

Rob Allen's Blog: File uploads with Zend_Form_Element_File

PHPro.org: Calculate Friday The 13th With Datetime Class

Marco Tabini's Blog: It turns out, I was wrong

Community News: Latest PEAR Releases for 12.01.2008

O'Reilly:
Using Google Code Search to Find Security Bugs

by Chris Cornutt October 13, 2006 @ 10:24:00

On the O'Reilly OnLamp.com site, there's a bit more in-depth look at using the (now infamous) Google Code Search to locate issues with scripts that have been collected over time.

I've written about using Google to find security flaws in the past. However, thanks to Google Code Search, it is now easier to scan publicly available source code for potential security issues. The idea is query Google Code Search using techniques previously reserved for local static code analysis.

The examples he gives include a search for SQL injection in a Java application, a SQL injection in a PHP application, and a cross-site scripting problem in a PHP app blindly echoing out the user's input.

He also includes a few links to some code analysis tools that can be used to help prevent some of these issues - Flawfinder, RATS, and SWAAT

1 comment voice your opinion now!
google code search find security bugs code analysis tool google code search find security bugs code analysis tool

google programmers search engine

by Abi - 06.21.2007 @ 14:28:33

google's programmers search engine http://devshots.com

Devshots returns Google search results, but emphasize on programming related sites and resources. So the search result will be smart and accurate.

is this spam? let us know!

Similar Posts

Felix Geisendorfer's Blog: Exceptional Cake

William Candillon's Blog: PHP source code analysis: PHPCompiler versus Yaxx

Sean Coates\' Blog: Security and...Driving? (and Hiring)

Zend Developer Zone: Security Tips #17 & #18 (When to Secure & File Uploads)

Developer Tutorials Blog: And the winner of the most important security tip competition is...

Community Events

Don't see your event here?
Let us know!

All content copyright, 2008 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework