[SC-L] [WEB SECURITY] RE: blog post and open source vulnerabilities to blog about
Steven M. Christey
coley at linus.mitre.org
Thu Mar 18 17:40:11 EDT 2010
CWE, CLASP, and some other information sources have a number of code
snippets that highlight various weaknesses. In CWE, this code is easily
extractable from the XML by grabbing the Demonstrative_Examples element,
and we've even conveniently labeled examples with the various languages.
You could also grab the CVE real-world examples from the Observed_Examples
element.
Note that the code examples are by no means complete, but they might be
good enough to start with. If you pore through CVE, you will soon realize
that it can be very time-consuming to go from a real-world open-source
vuln report to the actual code snippet.
- Steve
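
The extraction described in this message, as an added example that is not part of the original post or of CWE's own tooling. Only the Demonstrative_Examples and Observed_Examples element names come from the message; the child elements and attributes (Weakness, Example_Code, Language, Nature, Reference) and the sample XML are assumptions modelled on later CWE releases, so check them against the XML file you actually download.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample, not real CWE content. Element/attribute names other than
# Demonstrative_Examples and Observed_Examples are assumptions (see lead-in);
# the weakness ID and the CVE reference are placeholders.
SAMPLE = """<Weakness_Catalog xmlns="http://example.invalid/cwe" xmlns:xhtml="http://www.w3.org/1999/xhtml">
 <Weakness ID="EXAMPLE-1" Name="Constructed weakness entry">
  <Demonstrative_Examples>
   <Demonstrative_Example>
    <Intro_Text>Copies input into a fixed-size buffer.</Intro_Text>
    <Example_Code Nature="Bad" Language="C"><xhtml:div>char buf[16];<xhtml:br/>strcpy(buf, input);</xhtml:div></Example_Code>
    <Example_Code Nature="Good" Language="C"><xhtml:div>snprintf(buf, sizeof buf, "%s", input);</xhtml:div></Example_Code>
   </Demonstrative_Example>
  </Demonstrative_Examples>
  <Observed_Examples>
   <Observed_Example><Reference>CVE-XXXX-NNNN</Reference><Description>Placeholder.</Description></Observed_Example>
  </Observed_Examples>
 </Weakness>
</Weakness_Catalog>"""

def local(tag):
    """Strip the '{namespace}' prefix so lookups work whatever namespace the file uses."""
    return tag.rsplit("}", 1)[-1]

def code_text(elem):
    """Flatten mixed XHTML content into plain source text; <br/> becomes a newline."""
    parts = [elem.text or ""]
    for child in elem:
        parts.append("\n" if local(child.tag) == "br" else code_text(child))
        parts.append(child.tail or "")
    return "".join(parts)

def extract(xml_text):
    """Return ({language: [(weakness id, nature, code)]}, {weakness id: [CVE refs]})."""
    snippets = defaultdict(list)
    observed = defaultdict(list)
    for weakness in ET.fromstring(xml_text).iter():
        if local(weakness.tag) != "Weakness":
            continue
        wid = weakness.get("ID")
        for section in weakness:           # only direct child sections of the entry
            for el in section.iter():
                if local(section.tag) == "Demonstrative_Examples" and local(el.tag) == "Example_Code":
                    snippets[el.get("Language", "unknown")].append(
                        (wid, el.get("Nature"), code_text(el).strip()))
                elif local(section.tag) == "Observed_Examples" and local(el.tag) == "Reference":
                    observed[wid].append((el.text or "").strip())
    return dict(snippets), dict(observed)
```

Keeping the Nature label with each snippet matters when the extracted code is reused, since a catalogue of weaknesses contains intentionally flawed samples alongside corrected ones.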