Re: Vuln Scanner for Web App Source Code

---

• From: Jason <securitux@xxxxxxxxx>
• Date: Tue, 20 May 2008 12:49:52 -0400

---

Fortify and Ounce both have source code scanners and both are quite
capable (at least seem to be). I am in the middle of trying to figure
out which one to use for our source code analysis projects.

Cenzic Hailstorm and SPI Dynamics Web Inspect are vulnerability
scanners ONLY and do NOT inspect source code. Same with Paros Proxy,
this is a pen testing / VA tool more than anything.

I'd still recommend you do manual checks in addition to using a source
code scanner. You'll have to to verify the results.

-J

On 18 May 2008 04:15:50 -0000, cnanne@xxxxxxxxx <cnanne@xxxxxxxxx> wrote:

This might be a bit of a dumb question, but does anyone know of a good Vulnerability Scanner for finding faults in the actual Source Code of the Web App? Or can this task can only be done by hand?


Any feedback on this is highly appreciative



cheers,


PhoenixRbrth

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

---

• Follow-Ups:
  • Re: Vuln Scanner for Web App Source Code
    • From: Mike Duncan
  • Re: Vuln Scanner for Web App Source Code
    • From: bugtraq

• References:
  • Vuln Scanner for Web App Source Code
    • From: cnanne

• Prev by Date: Re: username and Password sent as clear text strings
• Next by Date: Re: username and Password sent as clear text strings
• Previous by thread: Re: Vuln Scanner for Web App Source Code
• Next by thread: Re: Vuln Scanner for Web App Source Code
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Vuln Scanner for Web App Source Code ... there are plenty of source code scanners... ... in Securing Web Applications ... Get Webinar Recording and PPT Slides ... (Pen-Test) Re: Vuln Scanner for Web App Source Code ... scanners ONLY and do NOT inspect source code. ... Get Webinar Recording and PPT Slides ... (Pen-Test) Re: Vuln Scanner for Web App Source Code ... out which one to use for our source code analysis projects. ... code scanner. ... Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org ... in Securing Web Applications ... (Pen-Test) Vuln Scanner for Web App Source Code ... This might be a bit of a dumb question, but does anyone know of a good Vulnerability Scanner for finding faults in the actual Source Code of the Web App? ... in Securing Web Applications ... (Pen-Test)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > pen-test  > 2008-05