Security Code Review – String Search Patterns For Finding Vulnerabilities In ASP.NET Web Application

"The hardest thing of all is to find a black cat in a dark room, especially if there is no cat." – Confucius

Security code inspections is sort of searching in the dark. However, security vulnerabilities in many cases* are recurrent anti-patterns that can be identified by well defined set of string searches.

This post sheds a light into the dark room to help finding those black cats – security vulnerabilities.

Search Toolset

These are the tools I use to perform text searches.

Security Vulnerabilities Search Patterns

First, define what you want to search. Here is one example how to do it - Generate Your Own Security Code Review Checklist Document Using Outlook 2007. Then start searching. These are few search patterns that can help you getting on track of finding security vulnerabilities:

Happy searching, alikl


*Searching for strings can lead to hotspots – potential security vulnerabilities – but not finding all the security vulnerabilities. Sometimes it hits the vulnerabilities right between the eyes, sometimes it misses it. But it surely helps narrowing the security inspection scope.