[WASC-SATEC] Runtime Analysis Tools

Sherif Koussa sherif.koussa at gmail.com
Sun Apr 20 18:18:58 EDT 2014


I guess my question would be: does our criteria help users choose the right
"hybrid analyzer" or does it help them choose between pure static code
analyzers and "hybrid" analyzers? I am not sure we had the "hybrid"
analyzers in mind when we designed the criteria, therefore, I am just
concerned that referencing these would confuse users more so than help them.

Any thoughts?

Regards,
Sherif


On Fri, Apr 18, 2014 at 5:10 PM, Alec Shcherbakov <
alec.shcherbakov at astechconsulting.com> wrote:

> Some of these tools reverse-engineer the code being executed at the moment
> and then scan it, but the scope of the scan may be limited compared to the
> more complex often multistage process most static analyzers employ. A more
> accurate category for these tools could be “hybrid analyzers”. Perhaps we
> could list them in a separate category on the tools page.
>
>
>
>
>
> Alec Shcherbakov
>
> *The information in this email is intended for the addressee.  Any other
> use of this information is unauthorized and prohibited.*
>
>
>
> *From:* wasc-satec [mailto:wasc-satec-bounces at lists.webappsec.org] *On
> Behalf Of *Sherif Koussa
> *Sent:* Friday, April 18, 2014 9:23 AM
> *To:* wasc-satec at lists.webappsec.org
> *Subject:* [WASC-SATEC] Runtime Analysis Tools
>
>
>
> Hello All,
>
>
>
> I received a request from one of the "runtime analysis tools" providers (
> www.contrastsecurity.com) to list it on the Static Analysis Tools List
> page associated with SATEC.
>
>
>
> The challenge with these tools is that they provide results that are
> similar to static analysis but they don't actually scan the code.
>
>
>
> Interested to know what you guys think?
>
>
>
> Regards,
> Sherif
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-satec_lists.webappsec.org/attachments/20140420/465ff9b9/attachment-0003.html>


More information about the wasc-satec mailing list