Re: Secure Code review for JAVA applications



Im not sure of any opensource tools for it, but at work we use fortify sca.
http://www.fortify.com/products/sca/

Im not sure on the price we payed for it, as that decision is above my
pay grade, but I heard it was a lot. I know they have some sort of
training that you can take, that will give you a lab license for a
year, so you can play around with it. I assume that is significantly
less then the whole price.

On Thu, Apr 24, 2008 at 2:57 AM, pentestr <pentestr@xxxxxxxxx> wrote:
Hi hack3r$,
I am new into secure code review. I would like to know 1. any sample
application for secure code review (like webgoat and hackme books for pen
testing of application). 2. Open source secure code review tools for JAVA
applications?

Thanks&Rgds
P.T.



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------





--
Nathaniel Hirsch, CISSP

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------