Re: Source code audit tool
From: lupin (lupin9809_at_hotmail.com)
Date: 10/15/03
- Previous message: Axelle Apvrille: "Re: Source code audit tool"
- Maybe in reply to: lupin: "Source code audit tool"
- Next in thread: Kenneth R. van Wyk: "Re: Source code audit tool"
- Reply: Kenneth R. van Wyk: "Re: Source code audit tool"
Date: 15 Oct 2003 17:52:58 -0000
To: secprog@securityfocus.com
In-Reply-To: <20031015123244.25243.qmail@sf-www3-symnsj.securityfocus.com>
Thanks for your answer,
I know those tools too, but they scan only C/C++ source code and I'm looking for a tool which scans Java code (and/or JSP).
The goal is to have a tool which validates that the code we wrote is secure.
Regards,
lupin
>Hi, I don't know any tool specifically targeting web applications,
>but if you're looking for source code scanners, you can have a look
>at FlawFinder, RATS or ITS4. They are simple to use, and do not
>require code instrumenting. However, they will mainly only find
>buffer overflows and format string vulnerabilities. Nevertheless,
>they're useful.
>
>http://www.dwheeler.com/flawfinder/
>http://www.securesoftware.com/download_form_rats.htm
>http://www.cigital.com/its4
>
>If you find others that are useful, please let me know.
>
>Regards,
>Axelle.