1、berfore we talking abnout the Source Code review,here's what we want to know about the most popular programming langurages .

  • Web application development :Java C#  NET and PHP
  • Drivers and handware C C#   and assembly language
  • Reverse engineering : Assembly langurage
  • Database : Structured Query LangurageSQL
  • Scripting lanurage: Python Perl and Ruby

2、Secure coding cheklist

  • Authentication and credentials must use TLS and not HTTP cleartext
  • Authentication must be enforced on all page ,except the ones intended to the public
  • the erroe messages pages should not lead to information-gathering disclosure
  • Authenticication logic must be validated on the server
  • Authentication passwords must be saved uner secure hashing algorithms and salting is perferable
  • The password's hashing logic must be on the server side
  • Session must be managed on the server side
  • Session idetifier must be random
  • Any cryptographic functionality to protect data shold be implemented on the server side
  • All data validation must be performed on the server side
  • Encode data before validation
  • All validation failures should be rejected in a custom error message
  • Conduct all the encoding logic on the server side
  • Sanitize all the output of understed data foe SQl ,XML LDAP and operating system commands
  • Do not disclose sensitive information in the error messages, including debuffing information such as stack track
  • Use custom reeor messages and error pages
  • Temporary sensitive data must be stored in a secure location ,and those itmes must be purged as soon as possible
  • Remove comments in the source code that may reveal critical information about the application
  • Sensitive information should should not be used in the query sting
  • Data int the  transit must be encrypted with the lasest and greatest TLS algorithms
  • Make sure that you remove test codes before deployment

3、Rest API ststus return code (this chapter I've already written about  on my previous blog )

  • 200   the action is ok
  • 202  the request to create
  • 204 the post request did not include a client-generated id
  • 400 the request is malformed
  • 401 Wrong authentication ID or credentials
  • 403 an authenticated user does not have permission to access the resource
  • 404 requesting a nonexistant resource
  • 405  Unexpected Http method in the request
  • this error may occur when a dos attack is deleted

4、Passive information gathering reconnaissance ----OSINT

OSINT it mean's  Open Source Intelligence ,let's see the Web search engines

besides baidu and google 、yahu . i often use the http://yandex.com  and  http://duckduckgo.com  as follow

Source Code Review的更多相关文章

  1. 15个最佳的代码评审(Code Review)工具

    代码评审可以被看作是计算机源代码的测试,它的目的是查找和修复引入到开发阶段的应用程序的错误,提高软件的整体素质和开发者的技能.代码审查程序以各种形式,如结对编程,代码抽查等.在这个列表中,我们编制了1 ...

  2. source code analyzer 功能强大的C/C++源代码分析软件 Celerity CRACK 破解版

    特色 迅捷是一个功能强大的C/C++源代码分析软件.可以处理数百万行的源程序代码.支持标准及K&R风格的C/C++.对每一个打开的源代码工程,通过建立一个包含丰富交叉引用关系的数据库,显示其所 ...

  3. 谈一下我们是如何开展code review的

    众所周知,代码审查是软件开发过程中十分重要的环节,楼主结合自己的实际工作经验,和大家分享一下在实际工作中代码审查是如何开展的, 笔者水平有限,若有错误和纰漏,还请大家指正. 代码审查的阻力 我想不通公 ...

  4. [行业关键词] review code review

    意思是   代码评审  或是 代码回顾 代码评审是指在软件开发过程中,通过对源代码进行系统性检查的过程.通常的目的是查找系统缺陷,保证软件总体质量和提高开发者自身水平. Code Review是轻量级 ...

  5. Code Review Checklist

    左按:当年需要一份详细的代码评审清单作参考,翻译了此文. 版权声明:本文为博主原创文章,未经博主允许不得转载.   目录(?)[-] General Code Smoke Test 通用测试 Comm ...

  6. 基于GitLab的Code Review教程

    一.前言 1.本文主要内容 GitLab Code Review机制说明 Git Workflow 与 Git Code Review Workflow GitLab Code Review 配置说明 ...

  7. Spring 4 MVC example with Maven - [Source Code Download]

    In this tutorial, we show you a Spring 4 MVC example, using Maven build tool. Technologies used : Sp ...

  8. Tree - AdaBoost with sklearn source code

    In the previous post we addressed some issue of decision tree, including instability, lack of smooth ...

  9. 项目管理系列--好用的代码评审(Code Review)工具

    1. Gerrit Gerrit is a web based code review system, facilitating online code reviews for projects us ...

随机推荐

  1. Python_Int

    int型 用于计算. 十进制转化成二进制的有效位数. 1 0000 0001 2 0000 0010 3 0000 0011 ... ... 100 ? 计算十进制转化成二进制的有效位数.(使用bit ...

  2. 控制结构(1): 分枝/叶子(branch/leaf)

    // 下一篇:卫语句(guard clause) 典型代码: function doSomething1(){ // ... } function doSomething2(){ // ... } f ...

  3. CodeForces Round #552 Div.3

    A. Restoring Three Numbers 代码: #include <bits/stdc++.h> using namespace std; ]; int a, b, c; i ...

  4. [官网]Using PuTTY

    Previous | Contents | Next Chapter 3: Using PuTTY Section 3.1: During your session Section 3.1.1: Co ...

  5. Uint 7.文本和字体属性,background,精灵图和3种定位

    一. 文本属性 CSS 文本属性可定义文本的外观. 通过文本属性,您可以改变文本的颜色.字符间距,对齐文本,装饰文本,对文本进行缩进,等等. <!DOCTYPE html> <htm ...

  6. JS自动微信消息轰炸

    打开网页版本微信,按f12,以console台 输入下边这段代码 setInterval(function(){$('.edit_area').html('需要发送的文字');$(".edi ...

  7. Git里有些费解的术语和设计

    关于暂存区, 好几个地方都写到了 正在编辑的文件 --> Unchacked/Modified, 而Unchacked/Modified, 的状态也可以叫 to be committed . 这 ...

  8. Platform.Uno介绍

    编者语:Xamarin国内很多人说缺乏可用的实例,我在写书过程中在完善一些常用场景的例子,希望帮到大家.Build 2018结束一周了,善友问我要不要谈谈Xamarin的一些变化,但碍于时间有限一直没 ...

  9. Linux-Centos破解安装confluene6.3.1

    Centos 安装企业wiki confluence是一个专业的企业知识管理与协同软件,可以用于构建企业wiki.通过它可以实现团队成员之间的协作和知识共享.现在大多数公司都会部署一套confluen ...

  10. 初识 go 语言

    目录 go简介 安装 hello world 函数 变量 常量 可见性规则 结束 前言: 最近组内要试水区块链,初步方案定为使用fabirc来弄,而fabric的智能合约就是用go写的,借此机会正好学 ...