Security Code Review – String Search Patterns For Finding Vulnerabilities In ASP.NET Web Application

"The hardest thing of all is to find a black cat in a dark room, especially if there is no cat." – Confucius

Security code inspection is a sort of searching in the dark. However, security vulnerabilities in many cases* are recurrent anti-patterns that can be identified by a well-defined set of string searches.

This post sheds some light into the dark room to help find those black cats – security vulnerabilities.

Search Toolset

These are the tools I use to perform text searches.

Security Vulnerabilities Search Patterns

First, define what you want to search for. Here is one example of how to do it – Generate Your Own Security Code Review Checklist Document Using Outlook 2007. Then start searching. These are a few search patterns that can help you get on track to finding security vulnerabilities:
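The workflow described above (a checklist of search strings run over the code base), as an added example that is not part of the original post: a small Python scanner that reports hotspots for manual review. The pattern set and the sample files are assumptions constructed for illustration, not the post's own list; the last sample line shows the kind of issue a string search misses.

```python
import re

# Illustrative hotspot patterns (assumed for this example, not the post's list).
# Each maps a review-checklist item to a regex over ASP.NET source/config text.
PATTERNS = {
    "request validation disabled": re.compile(r'validateRequest\s*=\s*"false"', re.I),
    "ViewState MAC disabled": re.compile(r'enableViewStateMac\s*=\s*"false"', re.I),
    "debug build in config": re.compile(r'<compilation[^>]*\bdebug\s*=\s*"true"', re.I),
    "detailed errors to clients": re.compile(r'<customErrors[^>]*\bmode\s*=\s*"Off"', re.I),
    "raw input echoed to response": re.compile(r'Response\.Write\s*\(\s*Request\b', re.I),
    "SQL built by concatenation": re.compile(
        r'"\s*(select|insert|update|delete)\b[^"]*"\s*\+', re.I),
}

# Constructed sample files, embedded so the example runs offline.
SAMPLE_FILES = {
    "Web.config": '''<system.web>
  <compilation debug="true" />
  <customErrors mode="Off" />
  <pages validateRequest="false" />
</system.web>''',
    "Search.aspx.cs": '''string q = Request.QueryString["q"];
Response.Write(Request.QueryString["q"]);
var cmd = new SqlCommand("SELECT * FROM Items WHERE Name = '" + q + "'", conn);
lblResult.Text = q;  // unencoded output too, but no pattern matches it''',
}

def find_hotspots(files, patterns=PATTERNS):
    """Return (file, line_no, checklist_item, source_line) for every match."""
    hits = []
    for name, text in files.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for item, rx in patterns.items():
                if rx.search(line):
                    hits.append((name, line_no, item, line.strip()))
    return hits

if __name__ == "__main__":
    # Each hit is a place to start reading code, not a confirmed finding.
    for name, line_no, item, line in find_hotspots(SAMPLE_FILES):
        print(f"{name}:{line_no}: [{item}] {line}")
```

Every hit still needs a reviewer to trace the data flow around it; the unmatched `lblResult.Text = q` line is only found by reading the code near the hits.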

Related materials

Happy searching, alikl


*Searching for strings can lead to hotspots – potential security vulnerabilities – but it will not find all of the security vulnerabilities. Sometimes it hits a vulnerability right between the eyes, sometimes it misses it. But it surely helps narrow the security inspection scope.

Comments (2)

  1. Recently, while I visited a new customer, someone rushed to the room shouting – someone had hacked our

  2. You probably heard about SDL a few times. This is the process that MS applies when developing its products