[Owasp-leaders] Fwd: OWASP volunteer with questions on Java EE source code
Eoin Keary
eoin.keary at owasp.org
Tue Aug 5 18:48:21 UTC 2014
Owasp code review guide has a bunch. Sinks and sources.
LAPSE+ (an old tool) has XML config for its sinks and sources so does code-crawler (another old owasp tool)
Eoin Keary
Owasp Global Board
+353 87 977 2988
On 4 Aug 2014, at 20:22, Paul Ritchie <paul.ritchie at owasp.org> wrote:
> To OWASP Leaders: Occassionally we see these types of questions sent to OWASP, and I thought I'd forward this one on to our expert leaders group. Anyone want to reach out and start a dialogue wtih Luciano?
> ------- begin message ------------
>
> Hi, ( lsampaioweb at gmail.com )
>
> My name is Luciano Sampaio. I am creating an application that finds security vulnerabilities in the source code of Java EE applications and I was wondering if there is any list with all the "Sources", "Sinks" and "Sanitization" methods that a security application should know of ?
>
> I tried to find a list like that on the Internet and on your site but I couldn't, so I have created my own list from what I found on other applications. Do you think maybe we can create a page here with this list and help future applications ?
>
> Thank you!
> Luciano Sampaio
> ------------------------end message -----------------
> --
> Best Regards, Paul Ritchie
> OWASP Interim Executive Director
> paul.ritchie at owasp.org
>
>
>
>
> --
> Best Regards, Paul Ritchie
> OWASP Interim Executive Director
> paul.ritchie at owasp.org
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140805/294628d2/attachment.html>
More information about the OWASP-Leaders
mailing list