1、Before we talk about source code review, here is what we want to know about the most popular programming languages.

  • Web application development: Java, C# (.NET) and PHP
  • Drivers and hardware: C, C++ and assembly language
  • Reverse engineering: assembly language
  • Database: Structured Query Language (SQL)
  • Scripting languages: Python, Perl and Ruby

2、Secure coding checklist

  • Authentication and credential exchanges must go over TLS, never cleartext HTTP
  • Authentication must be enforced on every page, except the ones intended for the public
  • Error message pages should not give an attacker an information-gathering opportunity
  • Authentication logic must be validated on the server
  • Passwords must be stored using a secure (slow) hashing algorithm and should be salted with a per-user random salt
  • The password hashing logic must be on the server side
  • Sessions must be managed on the server side
  • Session identifiers must be random, generated from a cryptographically secure source
  • Any cryptographic functionality used to protect data should be implemented on the server side
  • All data validation must be performed on the server side
  • Canonicalize data to a common character set before validating it
  • All validation failures should result in the input being rejected, with a custom error message
  • Conduct all encoding logic on the server side
  • Sanitize (contextually encode or escape) all output of untrusted data used in SQL, XML, LDAP and operating system commands; for SQL, prefer parameterized queries
  • Do not disclose sensitive information in error messages, including debugging information such as stack traces
  • Use custom error messages and error pages
  • Temporary sensitive data must be stored in a secure location, and those items must be purged as soon as possible
  • Remove comments from the source code that may reveal critical information about the application
  • Sensitive information should not be passed in the query string
  • Data in transit must be encrypted with current TLS versions and cipher suites
  • Make sure that you remove test code before deployment
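The checklist items about salted password hashing, random session identifiers, server-side validation and sanitizing untrusted data before it reaches SQL or an OS command can be shown together in one small piece of code. The block below is an added example written for this post, not code from the original, and its user table, hostname allow-list and the `PBKDF2_ITERATIONS` constant are assumptions made for the example. It puts the vulnerable string-concatenated query next to the parameterized one so the difference can be seen on the same injection input.

```python
import hashlib
import hmac
import os
import re
import secrets
import sqlite3

# Assumed constant for this example (OWASP's current guidance for PBKDF2-HMAC-SHA256).
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str) -> str:
    """Salted, slow hash computed on the server, never in the browser."""
    salt = os.urandom(16)  # fresh per-user random salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, then compare in constant time."""
    _algo, iters, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)


def new_session_id() -> str:
    """Session identifier from a CSPRNG; the session state itself stays on the server."""
    return secrets.token_urlsafe(32)


def setup_db() -> sqlite3.Connection:
    """Constructed sample data for the SQL examples (not a real user table)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # Untrusted input concatenated into the statement becomes SQL syntax.
    rows = conn.execute(f"SELECT name FROM users WHERE name = '{name}'").fetchall()
    return [r[0] for r in rows]


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    # Parameterized query: the input is bound as data and is never parsed as SQL.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()
    return [r[0] for r in rows]


# Assumed allow-list for hostnames passed to an OS command.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9.\-]{1,253}")


def ping_argv(host: str) -> list:
    """Allow-list validation plus an argv list (no shell), so shell metacharacters are inert.
    Returns the argument vector a caller would hand to subprocess.run(argv) instead of executing it."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError("invalid host")  # reject, and let the caller show a custom error page
    return ["ping", "-c", "1", host]


if __name__ == "__main__":
    db = setup_db()
    payload = "x' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, payload))  # every row comes back
    print("safe:      ", find_user_safe(db, payload))        # nothing matches that literal name
    record = hash_password("correct horse")
    print("verify:", verify_password("correct horse", record), verify_password("wrong", record))
    print("session:", new_session_id())
    print("argv:", ping_argv("example.com"))
```

Run it with `python3` and compare the two query results for the same `' OR '1'='1` input. `ping_argv` rejects the input rather than trying to strip `;` or `|` out of it: allow-listing what a hostname may contain is simpler to get right than deny-listing shell metacharacters, and passing an argv list means no shell ever interprets the value anyway.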

3、REST API status return codes (I have already written about this chapter on my previous blog)

  • 200 OK: the action succeeded
  • 202 Accepted: the request (for example a create) was accepted for processing but has not completed yet
  • 204 No Content: the request succeeded and there is nothing to return in the body (typical for a DELETE, or a PUT that does not echo the resource)
  • 400 Bad Request: the request is malformed
  • 401 Unauthorized: missing or wrong authentication credentials
  • 403 Forbidden: an authenticated user does not have permission to access the resource
  • 404 Not Found: the request targets a nonexistent resource
  • 405 Method Not Allowed: unexpected HTTP method in the request
  • 429 Too Many Requests (or 503 Service Unavailable): this error may occur when a DoS attack is detected and requests are rate-limited
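What matters for a reviewer is not just which code an API returns but the order in which the checks run, because that order decides what an unauthenticated or unauthorized caller learns. The block below is an added example written for this post, not code from the original; its route table, resource table, API tokens and `RATE_LIMIT` are constructed assumptions. It walks a request through rate limiting, authentication, route and method matching, resource lookup, authorization and body validation, and returns the code from the list above at each stop.

```python
# Constructed sample backend: a route table, a resource table and an API-token
# table. These names and values are assumptions for the example.
ROUTES = {"/orders": {"GET", "POST"}, "/orders/{id}": {"GET", "PUT", "DELETE"}}
RESOURCES = {"/orders/1": {"owner": "alice", "qty": 1}, "/orders/2": {"owner": "bob", "qty": 5}}
TOKENS = {"tok-alice": {"name": "alice", "role": "user"}, "tok-admin": {"name": "root", "role": "admin"}}

RATE_LIMIT = 20       # requests per caller before a 429 is returned
_request_counts = {}  # caller -> requests seen (a real API keys on client address and a time window)


def reset_rate_limits() -> None:
    _request_counts.clear()


def route_for(path: str):
    """Map a concrete path to its route template, or None if nothing matches."""
    if path == "/orders":
        return "/orders"
    if path.startswith("/orders/") and path.count("/") == 2 and path[8:]:
        return "/orders/{id}"
    return None


def valid_order_body(body) -> bool:
    """Server-side validation of the request body for POST and PUT."""
    return isinstance(body, dict) and isinstance(body.get("qty"), int) and body["qty"] > 0


def status_for(method: str, path: str, token: str = None, body=None) -> int:
    """Return the status code for a request, applying the checks in order:
    rate limit (429) -> authentication (401) -> route/method (404/405)
    -> resource (404) -> authorization (403) -> body (400) -> success (200/202/204)."""
    caller = token or "anonymous"
    _request_counts[caller] = _request_counts.get(caller, 0) + 1
    if _request_counts[caller] > RATE_LIMIT:
        return 429  # possible DoS: shed the request before doing any more work

    user = TOKENS.get(token)
    if user is None:
        return 401  # missing or wrong credentials; nothing about the resource is revealed

    route = route_for(path)
    if route is None:
        return 404
    if method not in ROUTES[route]:
        return 405  # route exists but this HTTP method is not allowed on it

    if route == "/orders":
        if method == "POST":
            if not valid_order_body(body):
                return 400
            return 202  # accepted for asynchronous creation
        return 200

    resource = RESOURCES.get(path)
    if resource is None:
        return 404
    if resource["owner"] != user["name"] and user["role"] != "admin":
        return 403  # authenticated, but not permitted on this resource
    if method == "DELETE":
        del RESOURCES[path]
        return 204  # done, nothing to return in the body
    if method == "PUT":
        if not valid_order_body(body):
            return 400
        resource["qty"] = body["qty"]
    return 200


if __name__ == "__main__":
    for req in [("GET", "/orders/1", None, None), ("GET", "/orders/2", "tok-alice", None),
                ("PATCH", "/orders/1", "tok-alice", None), ("POST", "/orders", "tok-alice", {"qty": 2})]:
        print(req[0], req[1], "->", status_for(*req))
```

One caveat when reading the 403 branch: returning 403 tells an authenticated caller that `/orders/2` exists even though they may not touch it. Some APIs deliberately answer 404 there so that resource identifiers cannot be enumerated; which choice is right depends on whether the identifiers themselves are sensitive, and the checklist item about error messages not aiding information gathering applies to status codes too.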

4、Passive information gathering (reconnaissance): OSINT

OSINT means Open Source Intelligence. Let's look at web search engines.

Besides Baidu, Google and Yahoo, I often use http://yandex.com and http://duckduckgo.com, as follows
