java source code audit

From: Guillermo Caminer (gcaminer@flowgate.net)
Date: Wed Oct 03 2007 - 19:21:40 EDT


Hi list!
I'm doing a source code audit of a client-server application developed in Java.
They're using Hibernate, so I'm discarding SQL injection vulnerabilities.
Because they developed a client of their own instead of using a Web browser, I'm discarding XSS, parameter tampering, XST, etc.
Also, they don't have any 'Bad session store' vulnerabilities.
Finally, because of Java, Buffer overflows are out of the picture.
My question is: what kind of vulnerability should I check for?
Thanks in advance!
