http://blogs.msdn.com/b/alikl/archive/2007/03/20/code-inspection-first-look-for-what-to-look-for.aspxReposted from Security Code Inspection - First Look For What To Look For for further reuse on this blog. I found it extremely productive to first look for strings in the code. But what strings to look for? And how to look for the strings? Looking intoen-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)http://blogs.msdn.com/b/alikl/archive/2007/03/20/code-inspection-first-look-for-what-to-look-for.aspx#8770003Thu, 24 Jul 2008 23:17:44 GMT91d46819-8472-40ad-a661-2c78acb4018c:8770003ACE Team - Security, Performance & Privacy<p>&amp;quot;The hardest thing of all is to find a black cat in a dark room, especially if there is no cat.&amp;quot;</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=8770003" width="1" height="1">http://blogs.msdn.com/b/alikl/archive/2007/03/20/code-inspection-first-look-for-what-to-look-for.aspx#8289688Mon, 17 Mar 2008 17:56:47 GMT91d46819-8472-40ad-a661-2c78acb4018c:8289688alik levin's<p>Want to quickly check your ASP.NET Web application for Cross Site Scripting (XSS) vulnerability ? It</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=8289688" width="1" height="1">http://blogs.msdn.com/b/alikl/archive/2007/03/20/code-inspection-first-look-for-what-to-look-for.aspx#7222040Thu, 24 Jan 2008 16:38:51 GMT91d46819-8472-40ad-a661-2c78acb4018c:7222040alik levin's<p>How to streamline the process of capturing security flaws during security code review? How to save time</p><img src="http://blogs.msdn.com/aggbug.aspx?PostID=7222040" width="1" height="1">http://blogs.msdn.com/b/alikl/archive/2007/03/20/code-inspection-first-look-for-what-to-look-for.aspx#6631022Sat, 01 Dec 2007 17:16:54 GMT91d46819-8472-40ad-a661-2c78acb4018c:6631022alik levin's<p>DIR /S /B /A:-D I use simple DIR command to generate file lists. It serves me in many scenarios. For</p><img src="http://blogs.msdn.com/aggbug.aspx?PostID=6631022" width="1" height="1">http://blogs.msdn.com/b/alikl/archive/2007/03/20/code-inspection-first-look-for-what-to-look-for.aspx#3734225Fri, 06 Jul 2007 23:49:14 GMT91d46819-8472-40ad-a661-2c78acb4018c:3734225alik levin's<p>Are you using Typed DataSet as DTO (data transfer object) ? Are you building distributed systems where</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=3734225" width="1" height="1">http://blogs.msdn.com/b/alikl/archive/2007/03/20/code-inspection-first-look-for-what-to-look-for.aspx#2178180Wed, 18 Apr 2007 20:47:28 GMT91d46819-8472-40ad-a661-2c78acb4018c:2178180alik levin's<p>Imagine if security was cool like Silverlight .... But security is not that cool, so the biggest challenge</p><img src="http://blogs.msdn.com/aggbug.aspx?PostID=2178180" width="1" height="1">http://blogs.msdn.com/b/alikl/archive/2007/03/20/code-inspection-first-look-for-what-to-look-for.aspx#2001474Sat, 31 Mar 2007 23:04:45 GMT91d46819-8472-40ad-a661-2c78acb4018c:2001474alik levin's<p>Here are couple of techniques I used for searching hints of SQL Injections in .Net apps. The basic approach</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=2001474" width="1" height="1">http://blogs.msdn.com/b/alikl/archive/2007/03/20/code-inspection-first-look-for-what-to-look-for.aspx#1952408Mon, 26 Mar 2007 17:04:57 GMT91d46819-8472-40ad-a661-2c78acb4018c:1952408alik levin's<p>In my previous post, Code Inspection - First Look For What To Look For , I've described how to look for</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=1952408" width="1" height="1">