[Owasp-leaders] Fwd: OWASP volunteer with questions on Java EE source code

Azzeddine Ramrami azzeddine.ramrami at owasp.org
Mon Aug 4 19:32:12 UTC 2014


Ho,
for Java you have the following rules:

https://www.securecoding.cert.org/confluence/display/java/The+CERT+Oracle+Secure+Coding+Standard+for+Java

They covers Java secure coding including Java 8.

You should also tale a look to:
- OWASP TOP 10
- SANS TOP 25

If you need more information contact me directly.

What are you tools specifications? What do you expect?

Azzeddine RAMRAMI
Secure Coding Instructors
OWASP Morocco Chapter Leader
Mozilla Mentors






On Mon, Aug 4, 2014 at 9:22 PM, Paul Ritchie <paul.ritchie at owasp.org> wrote:

> To OWASP Leaders:   Occassionally we see these types of questions sent to
> OWASP, and I thought I'd forward this one on to our expert leaders group.
>  Anyone want to reach out and start a dialogue wtih Luciano?
> ------- begin message ------------
>
> Hi,   ( lsampaioweb at gmail.com )
>
> My name is Luciano Sampaio. I am creating an application that finds
> security vulnerabilities in the source code of Java EE applications and I
> was wondering if there is any list with all the "Sources", "Sinks" and
> "Sanitization" methods that a security application should know of ?
>
> I tried to find a list like that on the Internet and on your site but I
> couldn't, so I have created my own list from what I found on other
> applications. Do you think maybe we can create a page here with this list
> and help future applications ?
>
> Thank you!
> Luciano Sampaio
> ------------------------end message -----------------
> --
> Best Regards, Paul Ritchie
> OWASP Interim Executive Director
> paul.ritchie at owasp.org
>
>
>
>
> --
> Best Regards, Paul Ritchie
> OWASP Interim Executive Director
> paul.ritchie at owasp.org
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>


-- 
Azzeddine RAMRAMI
+33 6 65 48 90 04.
Enterprise Security Architect
OWASP Leader (Morocco Chapter)
Mozilla Security Projects Mentor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140804/95c84842/attachment-0001.html>


More information about the OWASP-Leaders mailing list