Security Basics mailing list archives

Re: Re: Secure Coding - Static Code Analysis Tools

From: rohnskii () gmail com
Date: 23 Sep 2007 21:40:46 -0000

http://www.veracode.com/ - These guys have a tool (no idea how good it is)

http://www.csoonline.com/read/070105/battle.html - this July 2005 article mentions several testing tools

"Review: Source-Code Assessment Tools Kill Bugs Dead" - If you can find a copy of this Dec 01, 2005 article in "Secure 
Enterprise" online mag it gives a detailed review of several testing tools.

http://searchsqlserver.techtarget.com/tip/1,289483,sid87_gci1159434,00.html - Automate SQL injection testing




http://www.csoonline.com/read/070105/metrics.html - a discussion about metrics, not a testing tool, but is a security 
reporting tool

http://research.ittoolbox.com/white-papers/lg.asp?grid=3811&kb=Security&pl=&ref=http%3A%2F%2Fwww%2Egoogle%2Ecom%2Fcustom%3Fq%3DThe%2520Power%2520of%2520Hybrid%2520Application%2520Security%2520Analysis%253A%2520Increasing%2520the%2520Reliability%2520of%26client%3Dpub%2D4099951843714863%26forid%3D1%26ie%3DUTF%2D8%26oe%3DUTF%2D8%26cof%3DGALT%253A%2523999999%253BGL%253A1%253BDIV%253A%2523FFFFFF%253BVLC%253A333333%253BAH%253Acenter%253BBGC%253AFFFFFF%253BLBGC%253AFFFFFF%253BALC%253A0033CC%253BLC%253A0033CC%253BT%253A000000%253BGFNT%253AFFFFFF%253BGIMP%253AFFFFFF%253BLH%253A100%253BLW%253A100%253BL%253Ahttp%253A%252F%252Fwww%2Ehyperwords%2Enet%252Fhy%2Dfor%2Dgoogle%2Egif%253BS%253Ahttp%253A%252F%252Fwww%2Ehyperwords%2Enet%252F%253BLP%253A1%253BFORID%253A1%253B%26hl%3Den&sp=
 - The Power of Hybrid Application Security Analysis: Increasing the Reliability of 
Security Testing Results   ( a short general paper on the topic)


http://www.zdnetindia.com/index.php?action=articleDescription&prodid=7229 - Ask these key questions to test application 
security (April 7, 2005) not about tools, but good  to keep in mind

Current thread:

Secure Coding - Static Code Analysis Tools Brad Andrews (Sep 21)
- Re: Secure Coding - Static Code Analysis Tools Allan Wind (Sep 21)
- RE: Secure Coding - Static Code Analysis Tools Marco M. Morana (Sep 25)
- <Possible follow-ups>
- Re: Re: Secure Coding - Static Code Analysis Tools rohnskii (Sep 25)
- Re: Secure Coding - Static Code Analysis Tools brendan . harrison (Sep 25)
- Re: Secure Coding - Static Code Analysis Tools madhunika (Sep 25)
- Re: Secure Coding - Static Code Analysis Tools Dan Otogenick (Sep 25)