Security Code Review- Identifying Web Vulnerabilities

Error message

  • Warning: Cannot modify header information - headers already sent by (output started at /home/infosecw/public_html/index.php:3) in drupal_send_headers() (line 1475 of /home/infosecw/public_html/includes/bootstrap.inc).
  • Warning: Cannot modify header information - headers already sent by (output started at /home/infosecw/public_html/index.php:3) in drupal_send_headers() (line 1475 of /home/infosecw/public_html/includes/bootstrap.inc).
  • Warning: Cannot modify header information - headers already sent by (output started at /home/infosecw/public_html/index.php:3) in drupal_send_headers() (line 1475 of /home/infosecw/public_html/includes/bootstrap.inc).
  • Warning: Cannot modify header information - headers already sent by (output started at /home/infosecw/public_html/index.php:3) in drupal_send_headers() (line 1475 of /home/infosecw/public_html/includes/bootstrap.inc).
  • Warning: Cannot modify header information - headers already sent by (output started at /home/infosecw/public_html/index.php:3) in drupal_send_headers() (line 1475 of /home/infosecw/public_html/includes/bootstrap.inc).
  • Warning: Cannot modify header information - headers already sent by (output started at /home/infosecw/public_html/index.php:3) in drupal_send_headers() (line 1475 of /home/infosecw/public_html/includes/bootstrap.inc).

Contributed by Kiran Maraju. Revived from the old Infosecwriters.com site.

This paper gives an introduction of security code review inspections, and provides details about web application security vulnerabilities identification in the source code. This paper gives the details of the inspections to perform on the Java/J2EE source code. This paper explains the process of identifying vulnerable code and remediation details. This paper illustrates the specific locations of code flows to be checked to identify web application vulnerabilities.

This document is in PDF format. To view it click here.

Rate this article: 
Average: 5 (1 vote)