[Owasp-leaders] Fwd: OWASP volunteer with questions on Java EE source code

Eoin Keary eoin.keary at owasp.org
Tue Aug 5 18:48:21 UTC 2014


OWASP code review guide has a bunch. Sinks and sources.
LAPSE+ (an old tool) has XML config for its sinks and sources; so does code-crawler (another old OWASP tool).


Eoin Keary
Owasp Global Board
+353 87 977 2988


On 4 Aug 2014, at 20:22, Paul Ritchie <paul.ritchie at owasp.org> wrote:

> To OWASP Leaders: Occasionally we see these types of questions sent to OWASP, and I thought I'd forward this one on to our expert leaders group. Anyone want to reach out and start a dialogue with Luciano?
> ------- begin message ------------
> 
> Hi,   ( lsampaioweb at gmail.com )
> 
> My name is Luciano Sampaio. I am creating an application that finds security vulnerabilities in the source code of Java EE applications and I was wondering if there is any list with all the "Sources", "Sinks" and "Sanitization" methods that a security application should know of?
> 
> I tried to find a list like that on the Internet and on your site but I couldn't, so I have created my own list from what I found on other applications. Do you think maybe we can create a page here with this list and help future applications?
> 
> Thank you!
> Luciano Sampaio
> ------------------------end message -----------------
> -- 
> Best Regards, Paul Ritchie
> OWASP Interim Executive Director
> paul.ritchie at owasp.org