I need some pointers to any resources (videos from any conferences or general vi
ID: 662110 • Letter: I
Question
I need some pointers to any resources (videos from any conferences or general videos, pdf, anything) for secure source code reviewing of multi-tiered web-apps in JAX-WS, Spring or Hibernate. I am especially interested in know what are the security vulnerabilities that can occur when using these specific frameworks. I am currently reading the Chapters 17, 18 and 19 of the 2nd edition of Web Application's Hacker's Handbook. I think its good but I get a feeling that it just scratches the surface (or a kind of intro stuff). I'm not saying its not good, but I want to read more about it. Any links would be helpful.
Thanks!
Explanation / Answer
I myself am not too familiar with the frameworks that you have detailed, but there are some great generic resources at your disposable relating to vulnerabilities per framework/product or vendor. The two I frequent are CVE Details and CWE Mitre. Both sites allow for search for vulnerabilities that relate to your frameworks. I prefer CVE details, as it provides a great list of references, some of which may include conferences or the pdfs you are searching for.