1、berfore we talking abnout the Source Code review,here's what we want to know about the most popular programming langurages .

  • Web application development :Java C#  NET and PHP
  • Drivers and handware C C#   and assembly language
  • Reverse engineering : Assembly langurage
  • Database : Structured Query LangurageSQL
  • Scripting lanurage: Python Perl and Ruby

2、Secure coding cheklist

  • Authentication and credentials must use TLS and not HTTP cleartext
  • Authentication must be enforced on all page ,except the ones intended to the public
  • the erroe messages pages should not lead to information-gathering disclosure
  • Authenticication logic must be validated on the server
  • Authentication passwords must be saved uner secure hashing algorithms and salting is perferable
  • The password's hashing logic must be on the server side
  • Session must be managed on the server side
  • Session idetifier must be random
  • Any cryptographic functionality to protect data shold be implemented on the server side
  • All data validation must be performed on the server side
  • Encode data before validation
  • All validation failures should be rejected in a custom error message
  • Conduct all the encoding logic on the server side
  • Sanitize all the output of understed data foe SQl ,XML LDAP and operating system commands
  • Do not disclose sensitive information in the error messages, including debuffing information such as stack track
  • Use custom reeor messages and error pages
  • Temporary sensitive data must be stored in a secure location ,and those itmes must be purged as soon as possible
  • Remove comments in the source code that may reveal critical information about the application
  • Sensitive information should should not be used in the query sting
  • Data int the  transit must be encrypted with the lasest and greatest TLS algorithms
  • Make sure that you remove test codes before deployment

3、Rest API ststus return code (this chapter I've already written about  on my previous blog )

  • 200   the action is ok
  • 202  the request to create
  • 204 the post request did not include a client-generated id
  • 400 the request is malformed
  • 401 Wrong authentication ID or credentials
  • 403 an authenticated user does not have permission to access the resource
  • 404 requesting a nonexistant resource
  • 405  Unexpected Http method in the request
  • this error may occur when a dos attack is deleted

4、Passive information gathering reconnaissance ----OSINT

OSINT it mean's  Open Source Intelligence ,let's see the Web search engines

besides baidu and google 、yahu . i often use the http://yandex.com  and  http://duckduckgo.com  as follow

Source Code Review的更多相关文章

  1. 15个最佳的代码评审(Code Review)工具

    代码评审可以被看作是计算机源代码的测试,它的目的是查找和修复引入到开发阶段的应用程序的错误,提高软件的整体素质和开发者的技能.代码审查程序以各种形式,如结对编程,代码抽查等.在这个列表中,我们编制了1 ...

  2. source code analyzer 功能强大的C/C++源代码分析软件 Celerity CRACK 破解版

    特色 迅捷是一个功能强大的C/C++源代码分析软件.可以处理数百万行的源程序代码.支持标准及K&R风格的C/C++.对每一个打开的源代码工程,通过建立一个包含丰富交叉引用关系的数据库,显示其所 ...

  3. 谈一下我们是如何开展code review的

    众所周知,代码审查是软件开发过程中十分重要的环节,楼主结合自己的实际工作经验,和大家分享一下在实际工作中代码审查是如何开展的, 笔者水平有限,若有错误和纰漏,还请大家指正. 代码审查的阻力 我想不通公 ...

  4. [行业关键词] review code review

    意思是   代码评审  或是 代码回顾 代码评审是指在软件开发过程中,通过对源代码进行系统性检查的过程.通常的目的是查找系统缺陷,保证软件总体质量和提高开发者自身水平. Code Review是轻量级 ...

  5. Code Review Checklist

    左按:当年需要一份详细的代码评审清单作参考,翻译了此文. 版权声明:本文为博主原创文章,未经博主允许不得转载.   目录(?)[-] General Code Smoke Test 通用测试 Comm ...

  6. 基于GitLab的Code Review教程

    一.前言 1.本文主要内容 GitLab Code Review机制说明 Git Workflow 与 Git Code Review Workflow GitLab Code Review 配置说明 ...

  7. Spring 4 MVC example with Maven - [Source Code Download]

    In this tutorial, we show you a Spring 4 MVC example, using Maven build tool. Technologies used : Sp ...

  8. Tree - AdaBoost with sklearn source code

    In the previous post we addressed some issue of decision tree, including instability, lack of smooth ...

  9. 项目管理系列--好用的代码评审(Code Review)工具

    1. Gerrit Gerrit is a web based code review system, facilitating online code reviews for projects us ...

随机推荐

  1. Jmeter录制手机app脚本

    转:http://www.cnblogs.com/yangxia-test/p/5484616.html   环境准备: 1.手机 2.wifi 3.Jmeter   具体步骤: 1.启动Jmeter ...

  2. 爬取页面InsecureRequestWarning: 警告解决笔记

    InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is s ...

  3. BZOJ4621 Tc605(动态规划)

    容易发现最终序列所有数字的相对顺序不变,一个数字可能的覆盖范围由两边第一个比它大的数决定,且若不考虑次数限制所有这样的序列都可以变换得到.对于一个序列,其需要的最少变换次数显然就是覆盖了别的位置的数的 ...

  4. python之pymongo

    引入 在这里我们来看一下Python3下MongoDB的存储操作,在本节开始之前请确保你已经安装好了MongoDB并启动了其服务,另外安装好了Python的PyMongo库. MongoDB 数据库安 ...

  5. Redis DeskTop Manager 使用教程

    redis desktop manager windows 是一款能够跨平台使用的开源性redis可视化工具. redis desktop manager主要针对redis开发设计,拥有直观强大的可视 ...

  6. LOJ #2731. 「JOISC 2016 Day 1」棋盘游戏(dp)

    题意 JOI 君有一个棋盘,棋盘上有 \(N\) 行 \(3\) 列 的格子.JOI 君有若干棋子,并想用它们来玩一个游戏.初始状态棋盘上至少有一个棋子,也至少有一个空位. 游戏的目标是:在还没有放棋 ...

  7. 【BZOJ5495】[十二省联考2019]异或粽子(主席树,贪心)

    [BZOJ5495][十二省联考2019]异或粽子(主席树,贪心) 题面 BZOJ 洛谷 题解 这不是送分题吗... 转异或前缀和,构建可持久化\(Trie\). 然后拿一个堆维护每次的最大值,每次如 ...

  8. Day040--HTML&CSS

    内容回顾: 标签分类: (1)行内标签 span 小跨度的标签 i em a 特点: (1)在一行内显示 (2)不能设置宽高,如果不设置宽高,默认是内容的宽高 (2)块级标签 h1~h6 h1页面中尽 ...

  9. css流式布局

    elem{ width:1160px;/*流式布局的总宽度*/ column-width:375px; -moz-column-width: 375px; /*每列宽度*/ -webkit-colum ...

  10. Fiddler--Filters

    本篇主要介绍Fiddler中Filters(过滤器)选项功能. 先看看Filters的界面: 一.模块一 当勾选“Use Filters”,Filters才开始工作:否则Filters中的设置内容将无 ...