RE: Code Assessment
From: Mike Randall (mrandall_at_ajla.net)
Date: 04/15/04
- Previous message: Zarina Musa: "security risks"
- Maybe in reply to: Bobby, Paul: "Code Assessment"
- Next in thread: ken kousky: "RE: Code Assessment"
Date: Thu, 15 Apr 2004 08:21:43 -0500
To: <secprog@securityfocus.org>
For ColdFusion, I use a tool from http://www.cfdev.com (CF Source Code
Review Tool). It is a simple rule-based source code reviewer that comes
with 30 built-in rules, some of which deal with security. It allows
additional rules to be created fairly easily (especially with regular
expressions) and I have created several more. I would be happy to share
my rules with anyone who uses the tool.
Mike Randall
APA IV, Web Developer
AJLA-TS, KDHR
Phone: 785-296-3650
Fax: 785-296-2119
Email: mrandall@ajla.net
-----Original Message-----
From: Bobby, Paul [mailto:paul.bobby@lmco.com]
Sent: Wednesday, April 14, 2004 9:03 AM
To: secprog@securityfocus.org
Subject: Code Assessment
I appreciate the discussions on various coding methodologies, however
I've been asked to approach application testing from a penetration point
of view.
I'm just beginning my research into this topic, and wanted to ask
within this list early on.
I am looking to assess the integrity of an application either by
scanning the source code for potential problems (like a security lint
for example), and secondly, various tools that test the application in
runtime.
The majority of applications to be assessed are written in ColdFusion,
Java, C/C++ and some ASP.
Thank you
Paul Bobby
Lockheed Martin Systems Integration
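Paul asks above for a "security lint" that scans ColdFusion source, and Mike describes a rule-based reviewer whose extra rules are written mostly as regular expressions. The following is an added example of that approach, written for this archive page; it is not the cfdev CF Source Code Review Tool, nor any of Mike's rules. The CFML sample is constructed, and the four rules (a raw #var# interpolated into <cfquery> SQL, a form/url variable echoed by <cfoutput> without HTMLEditFormat(), a <cfinclude> path built from a variable, and a call to Evaluate()) are illustrative assumptions about well-known risky CFML idioms, not a vetted rule set.

```python
"""
Minimal rule-based security lint for ColdFusion (CFML) source files.

Example code written for this archive page. It is not the cfdev
CF Source Code Review Tool or any rule set from it; the rules below are
illustrative assumptions about a few well-known risky CFML idioms.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str      # rule name
    line: int      # 1-based line in the scanned source
    snippet: str   # text that triggered the rule
    message: str   # what the reviewer should look at


# Block rules: an outer tag pair delimits a body, "safe" constructs inside the
# body are blanked out, then the body is searched for the risky pattern.
# Tuple layout: (name, block regex, safe-construct regex, risky regex, message)
BLOCK_RULES = [
    ("sql-interp",
     re.compile(r"<cfquery\b[^>]*>(.*?)</cfquery>", re.I | re.S),
     re.compile(r"<cfqueryparam\b[^>]*>", re.I),       # parameterised: safe
     re.compile(r"#[A-Za-z_][\w.]*#"),                 # raw #var# in SQL text
     "variable interpolated into SQL text; use <cfqueryparam>"),
    ("xss-output",
     re.compile(r"<cfoutput\b[^>]*>(.*?)</cfoutput>", re.I | re.S),
     re.compile(r"HTMLEditFormat\s*\([^)]*\)", re.I),  # HTML-encoded: safe
     re.compile(r"#(?:form|url|cgi)\.\w+#", re.I),     # raw request data echoed
     "request variable echoed without HTMLEditFormat()"),
]

# Line rules: a single regex match anywhere in the file is a finding.
LINE_RULES = [
    ("dyn-include",
     re.compile(r'<cfinclude\b[^>]*template\s*=\s*"[^"]*#[^"]*#', re.I),
     "<cfinclude> template path built from a variable"),
    ("evaluate",
     re.compile(r"\bevaluate\s*\(", re.I),
     "Evaluate() on runtime data can execute attacker-controlled expressions"),
]


def line_of(source: str, offset: int) -> int:
    """Convert a character offset into a 1-based line number."""
    return source.count("\n", 0, offset) + 1


def scan(source: str) -> list[Finding]:
    """Apply all rules to one CFML source string; findings sorted by line."""
    findings = []
    for name, block_re, safe_re, risky_re, msg in BLOCK_RULES:
        for block in block_re.finditer(source):
            body = block.group(1)
            # Replace safe constructs with spaces of equal length so that
            # match offsets inside the body still map back to the original.
            cleaned = safe_re.sub(lambda m: " " * len(m.group(0)), body)
            for hit in risky_re.finditer(cleaned):
                offset = block.start(1) + hit.start()
                findings.append(Finding(name, line_of(source, offset), hit.group(0), msg))
    for name, pattern, msg in LINE_RULES:
        for hit in pattern.finditer(source):
            findings.append(Finding(name, line_of(source, hit.start()), hit.group(0), msg))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample page: two queries (one unsafe, one parameterised), two
# outputs (one encoded, one raw), a dynamic include and an Evaluate() call.
SAMPLE_CFM = """<cfparam name="url.id" default="0">
<cfquery name="getUser" datasource="app">
    SELECT name FROM users WHERE id = #url.id#
</cfquery>
<cfquery name="getSafe" datasource="app">
    SELECT name FROM users
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>
<cfoutput>
    <p>Hello #HTMLEditFormat(form.name)#</p>
    <p>Search: #url.q#</p>
</cfoutput>
<cfinclude template="pages/#url.page#.cfm">
<cfset result = Evaluate(form.expr)>
"""


if __name__ == "__main__":
    for f in scan(SAMPLE_CFM):
        print(f"line {f.line:>3}  {f.rule:<12} {f.snippet!r}: {f.message}")
```

Run against the sample, the scanner reports the raw interpolation on line 3, the unencoded #url.q# on line 11, the dynamic include on line 13 and the Evaluate() call on line 14, while the parameterised query and the HTMLEditFormat() call produce nothing. Blanking safe constructs with equal-length spaces keeps the inner match offsets valid for line reporting. Regex rules of this kind are cheap to write but have no understanding of CFML (escaped ## sequences, nested tags, variables assigned from request data elsewhere), so their hits are leads for a human review, not confirmed vulnerabilities, which is also how a rule-based tool of the sort described above is best used.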