Automatic source code audit tools?

From: Marc (pirepire69_at_hotmail.com)
Date: 10/15/03

Next message: Free: "Radius and SecureID"
Previous message: Security Alert: "SSRT3622 Potential Security Vulnerabilities in Apache HTTP Server (rev.1)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 15 Oct 2003 05:15:28 -0700

Hi,

I would like to find some tools in order to do a source code audit.

The idea is to find vulnerabilities in WEB applications the earliest
as possible. (durign the developpment cycle)

I found a couple tools like:

- Sanctum AppScan
- SPY Dynamics WebInspect
- KavaDo ScanDo
- OWASP WebScarab (open source)

But those tools aren't really checking directly into the source code!

My WEB application is written in JSP/Servelt (J2EE), is there any
others tools to scan my code?

Thanks a lot in advance for your responses

Marc

Next message: Free: "Radius and SecureID"
Previous message: Security Alert: "SSRT3622 Potential Security Vulnerabilities in Apache HTTP Server (rev.1)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: gforth webserver, why isnt forth used all over ecommerce?
... CGI and ForthScript) servers requires 116kb of ROM. ... But even if your definitions of ASP and CGI and ForthScript are trivial abstractions that faintly reflect on the promise, at least if it comes from someone like you, maybe people here will finally understand that web applications are about more than the ability to serve web pages. ... That's seen in the antagonism against libraries and the elitist attitudes against programmers who choose to specialize or who have different core competencies they draw from. ... Are those source code libraries part of any public distribution of code? ...
(comp.lang.forth)
Re: Source code audit tool
... >I looking for a source code auditing tool in order to find vulnerabilities in WEB applications as early as possible in the developement cycle. ...
(SecProg)
Source code audit tool
... I looking for a source code auditing tool in order to find vulnerabilities in WEB applications as early as possible in the developement cycle. ...
(SecProg)
Re: tools to scan source code
... to create a static source code analyser for ASP.net ... app vulnerabilities have a different structure than the vulnerabilities ... Need to secure your web apps? ... Cenzic Hailstorm finds vulnerabilities fast. ...
(Pen-Test)
Re: [work] Re: W2K source "leaked"?
... | This seem the dir of the Windows source code, I dont know if it a hoax. ... |>WinBeta is also reporting on the new leak ... |>un-known-to-the-public exploits and vulnerabilities exist and are being ...
(Bugtraq)