
Security Code Review – String Search Patterns For Finding Vulnerabilities In ASP.NET Web Application

"The hardest thing of all is to find a black cat in a dark room, especially if there is no cat." – Confucius

Security code inspection is a sort of searching in the dark. However, security vulnerabilities are in many cases* recurrent anti-patterns that can be identified by a well-defined set of string searches.

This post sheds some light into the dark room to help find those black cats – security vulnerabilities.

Search Toolset

These are the tools I use to perform text searches.

Security Vulnerabilities Search Patterns

First, define what you want to search for. Here is one example of how to do it: Generate Your Own Security Code Review Checklist Document Using Outlook 2007. Then start searching. These are a few search patterns that can help you get on track to finding security vulnerabilities:
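
An added example, not part of the original post: a small Python scanner showing how a fixed set of string searches surfaces review hotspots in ASP.NET source and configuration. The pattern set and the sample files are assumptions constructed for illustration (commonly reviewed ASP.NET settings and coding habits), not the author's list.

```python
import re

# Illustrative hotspot patterns (assumptions chosen for this example, not the
# post's own list). Each maps a review concern to a case-insensitive regex.
PATTERNS = {
    "request validation disabled": r'validateRequest\s*=\s*"false"',
    "debug build enabled": r'<compilation[^>]*\bdebug\s*=\s*"true"',
    "detailed errors exposed": r'<customErrors[^>]*\bmode\s*=\s*"Off"',
    "ViewState MAC disabled": r'enableViewStateMac\s*=\s*"false"',
    "unencoded input echoed": r'Response\.Write\s*\([^)]*Request\b',
    "SQL built by concatenation": r'"\s*(select|insert|update|delete)\b[^"]*"\s*\+',
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in PATTERNS.items()}

def scan(files):
    """Return sorted (path, line_no, concern) hotspots for {path: text}."""
    hits = []
    for path, text in files.items():
        for no, line in enumerate(text.splitlines(), 1):
            for concern, rx in COMPILED.items():
                if rx.search(line):
                    hits.append((path, no, concern))
    return sorted(hits)

# Constructed sample sources, embedded so the example runs offline.
SAMPLE = {
    "web.config": '<system.web>\n'
                  '  <compilation debug="true" />\n'
                  '  <customErrors mode="Off" />\n'
                  '</system.web>\n',
    "Search.aspx": '<%@ Page Language="C#" ValidateRequest="false" %>\n'
                   '<% Response.Write(Request.QueryString["q"]); %>\n',
    "Search.aspx.cs": 'string q = Request["q"];\n'
                      'var sql = "SELECT * FROM Items WHERE Name = \'" + q + "\'";\n'
                      '// Miss: same bug, but no SQL keyword on the line.\n'
                      'var sql2 = String.Concat(baseQuery, q);\n'
                      '// Parameterized query: correctly not flagged.\n'
                      'cmd.CommandText = "SELECT * FROM Items WHERE Name = @n";\n',
}

if __name__ == "__main__":
    for path, no, concern in scan(SAMPLE):
        print(f"{path}:{no}: {concern}")
```

The `String.Concat` line in the sample is deliberately not caught: a hit marks a place to read the code, and the absence of a hit proves nothing.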

Related materials

Happy searching, alikl

________

*Searching for strings can lead you to hotspots – potential security vulnerabilities – but it will not find all the security vulnerabilities. Sometimes it hits a vulnerability right between the eyes, sometimes it misses. But it surely helps narrow the security inspection scope.

Posted: Thursday, July 24, 2008 1:17 PM by ACE Team

Comments

בלוג היועצים של מיקרוסופט ישראל said:

Recently, while I visited a new customer, someone rushed to the room shouting – someone had hacked our

# August 6, 2008 3:57 AM

בלוג היועצים של מיקרוסופט ישראל said:

You probably heard about SDL a few times. This is the process that MS applies when developing its products

# September 26, 2008 3:44 PM