I’ve been collecting a list of security source code assessment tools that are built to analyze your code (C/C++, Java, .NET, PHP, and others). I hope the list below helps you choose the best security source code assessment tool for you:
PMD
URL: http://sourceforge.net/projects/pmd
Java-based static analysis tool
Intended to find correctness and complexity issues, also finds some security issues
FindBugs
URL: http://findbugs.sourceforge.net/
Java-based static analysis tool
Intended to find correctness issues, also identifies some security issues
JeSS: http://sourceforge.net/project/showfiles.php?group_id=141386
JeSS is a plugin for the Eclipse IDE. It is a static security scanner for Java source code. The plugin creates an AST for the source code and then uses the visitor pattern to find patterns in the AST that could be possible security bugs.
milk: http://milk.sourceforge.net/
Milk is a security source code assessment tool that uses Orizon as its API. Milk scans Java and .NET source files to perform a security code review, trying to point out misuse of safe coding best practices.
BogoSec : Source Code Security Quality Metric http://bogosec.sourceforge.net/
BogoSec aims to increase awareness regarding code security vulnerabilities, while encouraging developers to produce more secure code over time. By simplifying the code scanning process, BogoSec achieves a goal of allowing developers to scan their code regularly and more effectively.
Users can also benefit from BogoSec in another way: comparing different available packages, or consecutive releases of a package, and identifying trends in the security level will enable users to make more educated software choices.
BogoSec is a pluggable flexible framework.
It currently has plugins to support the following three scanners:
Flawfinder http://www.dwheeler.com/flawfinder/
RATS http://www.securesw.com/rats/
ITS4 http://www.cigital.com/its4/
Hammurapi
URL: http://www.hammurapi.org/
There are a lot of tools for code analysis, not only Java and .NET, but also ASP, PHP, C and so on. Enjoy it: http://www.nosec.org/web/index.php?q=codereview
(SWAAT), you can download it from our site. http://securitycompass.com/inner_swaat.shtml
There’s some good material from the speaker at the last OWASP-Austin (TX) meeting. He has links to open source Java and .Net static analysis tools. The presentation also includes some general info on static vs dynamic analysis: http://denimgroup.typepad.com/denim_group/2008/03/static-analysis.html
From this presentation:
• FindBugs (Java) findbugs.sourceforge.net
• PMD (Java) pmd.sourceforge.net
• FxCop (.NET) www.gotdotnet.com/Team/FxCop/
FxCop is a code analysis tool that checks .NET managed code assemblies for conformance to the Microsoft .NET Framework Design Guidelines.
http://www.microsoft.com/downloads/details.aspx?familyid=3389F7E4-0E55-4A4D-BC74-4AEABB17997B&displaylang=en
• XSSDetect (.NET) blogs.msdn.com/ace_team/archive/2007/10/22/xssdetect-public-beta-now-available.aspx
Commercial Products:
I got a few recommendations for Fortify http://www.fortifysoftware.com
I got a couple of recommendations for XSS Detect for .NET as well. This beta version appears free to download, at least for now.
XSSDetect http://www.microsoft.com/downloads/details.aspx?FamilyID=19a9e348-bdb9-45b3-a1b7-44ccdcb7cfbe&displaylang=en
XSSDetect is a static code analysis tool that helps identify Cross-Site Scripting security flaws found within Web applications. It is able to scan compiled managed assemblies (C#, Visual Basic .NET, J#) and analyze dataflow paths from sources of user-controlled input to vulnerable outputs. It also detects whether proper encoding or filtering has been applied to the data and will ignore such “sanitized” paths.
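The two techniques described in this list, JeSS's AST-plus-visitor pattern matching and XSSDetect's source-to-sink dataflow check that ignores encoded paths, can be seen together in a scaled-down form. The following is an added example, not code from JeSS, XSSDetect or the original post; it uses Python's ast module instead of Java or .NET, and the function names get_param, write_html and html_escape are hypothetical. It only follows straight-line assignments, with no branches or calls across functions.

```python
import ast

# Hypothetical API names, assumed for this example only.
SOURCES = {"get_param"}        # returns user-controlled input
SINKS = {"write_html"}         # emits markup into the response
SANITIZERS = {"html_escape"}   # output encoder

class XssVisitor(ast.NodeVisitor):
    """Flags sink calls whose argument derives from a source without encoding."""
    def __init__(self):
        self.tainted = set()   # variable names currently holding raw input
        self.findings = []     # (line number, sink name)

    @staticmethod
    def _callee(node):
        # Name of a plain function call such as f(x); None for anything else.
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            return node.func.id
        return None

    def _is_tainted(self, node):
        name = self._callee(node)
        if name in SANITIZERS:
            return False       # encoded ("sanitized") path is ignored
        if name in SOURCES:
            return True
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        # Concatenation, f-strings, other calls: taint flows up from children.
        return any(self._is_tainted(c) for c in ast.iter_child_nodes(node))

    def visit_Assign(self, node):
        dirty = self._is_tainted(node.value)
        for target in node.targets:
            if isinstance(target, ast.Name):
                # Reassignment with clean data clears the taint.
                (self.tainted.add if dirty else self.tainted.discard)(target.id)
        self.generic_visit(node)

    def visit_Call(self, node):
        if self._callee(node) in SINKS and any(map(self._is_tainted, node.args)):
            self.findings.append((node.lineno, node.func.id))
        self.generic_visit(node)

def scan(source):
    visitor = XssVisitor()
    visitor.visit(ast.parse(source))
    return visitor.findings

# Constructed sample input: line 2 writes raw input, line 3 encodes it first.
SAMPLE = ('name = get_param("name")\n'
          'write_html("<p>" + name + "</p>")\n'
          'write_html("<p>" + html_escape(name) + "</p>")\n')
```

Calling scan(SAMPLE) reports only the unencoded write on line 2.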
Original source : webappsec mailing list
Security source code assessment tools 2008 is posted on April 23rd, 2008 by admin. This post is filed under: Sectools, Security.
sweet, as I didn’t find anything when I typed “fuzzer” in google-sama
thanks
hahaha some for linux