[WEB SECURITY] Open Source Code Analysis Tools

praveen kumar illurupraveen at yahoo.co.in
Wed Apr 16 12:55:11 EDT 2008


Hi,
Some of the code review tool vendors: Fortify, Ounce Labs, Klocwork.

Hybrid analysis (source code analysis with black box testing) tool vendors: DevInspect, AppScan DE

Open Source Code Review Tools from:

1) Hammurapi
URL: http://www.hammurapi.org/
2) PMD
URL: http://sourceforge.net/projects/pmd
3) FindBugs
URL: http://findbugs.sourceforge.net/

Thanks and Regards,
Praveen illuru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Fortify Software has a good one called SCA. It is part of a suite they
offer called 360, but overall it is very good. It is a plugin into an
IDE and supports many languages.

Truxaw, Matthew wrote:
> Can anyone point me in the direction of a good open source tool for
> automating code analysis for security issues? In particular, I'd like
> one or more tools to scan our java and .net (C#) code base. 
> 
> Regards,
> 
> Matt
- --
Mike Duncan
ISSO, Application Security Specialist
Government Contractor with STG, Inc.
NOAA :: National Climatic Data Center
151 Patton Ave.
Asheville, NC 28801-5001
mike.duncan at noaa.gov
828.271.4289