[SC-L] Insecure Java Code Snippets
Brad Andrews
andrews at rbacomm.com
Wed May 6 16:22:59 EDT 2009
Thanks Karen, that site may have enough of what I can use. Still a
bit of work to do, but worth pursuing. The other sources were a bit
too short on the snippets side, which is my fault for not making the
question better.
I don't know how many of you used to read the C-Lint ads that said
"find the bug in this C code". They were very difficult in all the
cases I worked at. :)
The whole point of their ad was that their product would find things
you couldn't find easily in a manual review. I want something like
that. Just playing "tell me the security flaw in these 3 lines of
code" will not do quite the same thing.
I will find a copy of Core Java to look through again, but I don't
recall seeing things in this format when I looked before.
The challenge with this is that I need something that fits well in a
single PowerPoint slide (so it can be viewed while the participants
eat). It also has to be fairly difficult. I am not sure that just
"not filtering user input" is sufficiently strong. I want something
that would take some thinking.
I expect that I will have to design and format these myself, but I
would love to have something sooner by using something that already
did this.
Thanks for the other replies. I am going to check out the NIST site
some more. I will read over the other sites, but using them will take
more effort than I was hoping for.
Brad
Quoting "Goertzel, Karen [USA]" <goertzel_karen at bah.com>:
> The NIST SAMATE Reference Dataset has mainly C code in it, but there
> is also Java, C++, and PHP. There's a search function that allows
> you to search by programming language to find what you want.
>
> http://samate.nist.gov/SRD/