1、berfore we talking abnout the Source Code review,here's what we want to know about the most popular programming langurages .

  • Web application development :Java C#  NET and PHP
  • Drivers and handware C C#   and assembly language
  • Reverse engineering : Assembly langurage
  • Database : Structured Query LangurageSQL
  • Scripting lanurage: Python Perl and Ruby

2、Secure coding cheklist

  • Authentication and credentials must use TLS and not HTTP cleartext
  • Authentication must be enforced on all page ,except the ones intended to the public
  • the erroe messages pages should not lead to information-gathering disclosure
  • Authenticication logic must be validated on the server
  • Authentication passwords must be saved uner secure hashing algorithms and salting is perferable
  • The password's hashing logic must be on the server side
  • Session must be managed on the server side
  • Session idetifier must be random
  • Any cryptographic functionality to protect data shold be implemented on the server side
  • All data validation must be performed on the server side
  • Encode data before validation
  • All validation failures should be rejected in a custom error message
  • Conduct all the encoding logic on the server side
  • Sanitize all the output of understed data foe SQl ,XML LDAP and operating system commands
  • Do not disclose sensitive information in the error messages, including debuffing information such as stack track
  • Use custom reeor messages and error pages
  • Temporary sensitive data must be stored in a secure location ,and those itmes must be purged as soon as possible
  • Remove comments in the source code that may reveal critical information about the application
  • Sensitive information should should not be used in the query sting
  • Data int the  transit must be encrypted with the lasest and greatest TLS algorithms
  • Make sure that you remove test codes before deployment

3、Rest API ststus return code (this chapter I've already written about  on my previous blog )

  • 200   the action is ok
  • 202  the request to create
  • 204 the post request did not include a client-generated id
  • 400 the request is malformed
  • 401 Wrong authentication ID or credentials
  • 403 an authenticated user does not have permission to access the resource
  • 404 requesting a nonexistant resource
  • 405  Unexpected Http method in the request
  • this error may occur when a dos attack is deleted

4、Passive information gathering reconnaissance ----OSINT

OSINT it mean's  Open Source Intelligence ,let's see the Web search engines

besides baidu and google 、yahu . i often use the http://yandex.com  and  http://duckduckgo.com  as follow

Source Code Review的更多相关文章

  1. 15个最佳的代码评审(Code Review)工具

    代码评审可以被看作是计算机源代码的测试,它的目的是查找和修复引入到开发阶段的应用程序的错误,提高软件的整体素质和开发者的技能.代码审查程序以各种形式,如结对编程,代码抽查等.在这个列表中,我们编制了1 ...

  2. source code analyzer 功能强大的C/C++源代码分析软件 Celerity CRACK 破解版

    特色 迅捷是一个功能强大的C/C++源代码分析软件.可以处理数百万行的源程序代码.支持标准及K&R风格的C/C++.对每一个打开的源代码工程,通过建立一个包含丰富交叉引用关系的数据库,显示其所 ...

  3. 谈一下我们是如何开展code review的

    众所周知,代码审查是软件开发过程中十分重要的环节,楼主结合自己的实际工作经验,和大家分享一下在实际工作中代码审查是如何开展的, 笔者水平有限,若有错误和纰漏,还请大家指正. 代码审查的阻力 我想不通公 ...

  4. [行业关键词] review code review

    意思是   代码评审  或是 代码回顾 代码评审是指在软件开发过程中,通过对源代码进行系统性检查的过程.通常的目的是查找系统缺陷,保证软件总体质量和提高开发者自身水平. Code Review是轻量级 ...

  5. Code Review Checklist

    左按:当年需要一份详细的代码评审清单作参考,翻译了此文. 版权声明:本文为博主原创文章,未经博主允许不得转载.   目录(?)[-] General Code Smoke Test 通用测试 Comm ...

  6. 基于GitLab的Code Review教程

    一.前言 1.本文主要内容 GitLab Code Review机制说明 Git Workflow 与 Git Code Review Workflow GitLab Code Review 配置说明 ...

  7. Spring 4 MVC example with Maven - [Source Code Download]

    In this tutorial, we show you a Spring 4 MVC example, using Maven build tool. Technologies used : Sp ...

  8. Tree - AdaBoost with sklearn source code

    In the previous post we addressed some issue of decision tree, including instability, lack of smooth ...

  9. 项目管理系列--好用的代码评审(Code Review)工具

    1. Gerrit Gerrit is a web based code review system, facilitating online code reviews for projects us ...

随机推荐

  1. 控制结构(9): 管道(pipeline)

    // 上一篇:线性化(linearization) // 下一篇:指令序列(opcode) 最近阅读了酷壳上的一篇深度好文:LINUX PID 1 和 SYSTEMD.这篇文章介绍了systemd干掉 ...

  2. php面向对象之构造函数作用与方法

    什么是构造函数呢?构造函数又有什么作用呢? 构造函数 ,是一种特殊的方法.主要用来在创建对象时初始化对象, 即为对象成员变量赋初始值,总与new运算符一起使用在创建对象的语句中.特别的一个类可以有多个 ...

  3. Python——Django-__init__.py的内容

    一.告诉Django用pymysql来代替默认的MySQLdb(在__init__.py里) import pymysql #告诉Django用pymysql来代替默认的MySQLdb pymysql ...

  4. MySQL报错: SQLSTATE[HY000]: General error: 1030 Got error 28 from storage engine

    执行命令:df -h [root@iZ25z6qcmrhZ ~]# df -hFilesystem Size Used Avail Use% Mounted on/dev/xvda1 40G 38G ...

  5. Linux下C语言生成可执行文件的过程

    在当前目录下创建一个C源文件并打开: touch test.c gedit test.c直接编译: gcc test.c -o test 分步骤编译: 1) 预处理    gcc -E test.c  ...

  6. Python 正则处理_re模块

    正则表达式 动机 文本处理成为计算机常见工作之一 对文本内容搜索,定位,提取是逻辑比较复杂的工作 为了快速方便的解决上述问题,产生了正则表达式技术 定义 文本的高级匹配模式, 提供搜索, 替换, 本质 ...

  7. Magento 架构基础知识概述

    Megento 架构基础知识概述 Magento整合了面向对象的基于PHP的应用程序的核心架构原则.这些一般原则的综合讨论既有在线的,也有印刷形式.以下讨论主要关注这些主题如何直接应用于Magento ...

  8. centos7虚拟机下python3安装matplotlib遇到的一些问题

    1.安装位置 centos7虚拟机+python3.6 2.问题 2.1如果是使用的python2版本可以使用如下方式, #yum search matplotlib 返回如下: 已加载插件:fast ...

  9. python学习day14 装饰器(二)&模块

    装饰器(二)&模块 #普通装饰器基本格式 def wrapper(func): def inner(): pass return func() return inner def func(): ...

  10. pyspider框架学习

    一.crawl()方法学习: 1.url:爬去是的url,可以定义单个,可以定义为url列表. 2.callback:回调函数,指定该url使用哪个方法来解析. 3.age:任务的有效时间. 4.pr ...