
Re: [WEB SECURITY] Open Source Code Analysis Tools



Hi,

Some of the code review tool vendors: Fortify, Ounce Labs, Klocwork.

Hybrid analysis (source code analysis with black box testing) tool vendors: DevInspect, AppScan DE

Open source code review tools:

1) Hammurapi
URL: http://www.hammurapi.org/
2) PMD
URL: http://sourceforge.net/projects/pmd
3) FindBugs
URL: http://findbugs.sourceforge.net/

Thanks and Regards,
Praveen illuru

Fortify Software has a good one called SCA. It is part of a suite they
offer called 360, but overall it is very good. It is a plugin into an
IDE and supports many languages.
http://www.fortifysoftware.com

Truxaw, Matthew wrote:
> Can anyone point me in the direction of a good open source tool for
> automating code analysis for security issues? In particular, I'd like
> one or more tools to scan our Java and .NET (C#) code base.
>
> Regards,
>
> Matt

--
Mike Duncan
ISSO, Application Security Specialist
Government Contractor with STG, Inc.
NOAA :: National Climatic Data Center


