Tuesday, September 28, 2010

Vulnerabilities in GWT applications

Hello,

I'd like to find vulnerabilities in my GWT applications.
Thus, I prepared an example application with SQL injection
and cross-site scripting holes.
Now I want to find these holes with automatic tests.
In my opinion, a static analysis is a reasonable way to do this.
While (manually) searching the generated JavaScript, I located
my variables in the first script-tag in the body and the
corresponding function in the 18th script tag.

Now I have the following questions:
- Is there documentation of the GWT compiler available
that shows how the Java source is translated into JavaScript?
Hence, I could inspect only the part of the JavaScript
that is related to my self-coded Java and not to the framework.
- How can I identify standard parameters and functions (to skip them)?
- Does anyone know a better solution to find the described
vulnerabilities?
- Do you have some hints to perform such a security analysis?

Thanks in advance
