April 2011
Intermediate to advanced
500 pages
16h 12m
English
Content preview from Developer's Guide to Web Application Security
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Examine database queries and connections.
Track use of network communications.
Pulling It All Together
Use tools such as UNIX grep, GNU less, the DOS find command,
UltraEdit, or SourceEdit to look for the functions previously listed.
Q: This is tedious. Do any automated tools do this work?
A: Due to the custom and dynamic nature of source code, it’s very hard to design a
tool that is capable of understanding what the developer intended and how an
attacker might subvert that.Tools such as SourceEdit help highlight some problem
areas—but these tools are far from becoming an automated replacement.
Q: Will outside companies check our source code for ...