Security Basics mailing list archives
Re: Secure Coding - Static Code Analysis Tools
From: Dan Otogenick <danotogenick () hotmail com>
Date: Sun, 23 Sep 2007 09:09:59 +1200
Hi Brad, You should look at Checkmarx (www.checkmarx.com). They have a very promising product (Cx.. something) that finds vulnerabilities with very low false positive. (AFAIK - as opposed to other solutions which their FP ratio makes the use of them pretty difficult). If I am not mistaken, their query technology allows you to even find business logic vulnerabilities, but I am not sure of that - I advise you to check this with the company. Dan _________________________________________________________________ Windows Live Spaces כבר כאן! תוכל ליצור בקלות אתר אינטרנט אישי משלך. http://spaces.live.com/signup.aspx
Current thread:
- Secure Coding - Static Code Analysis Tools Brad Andrews (Sep 21)
- Re: Secure Coding - Static Code Analysis Tools Allan Wind (Sep 21)
- RE: Secure Coding - Static Code Analysis Tools Marco M. Morana (Sep 25)
- <Possible follow-ups>
- Re: Re: Secure Coding - Static Code Analysis Tools rohnskii (Sep 25)
- Re: Secure Coding - Static Code Analysis Tools brendan . harrison (Sep 25)
- Re: Secure Coding - Static Code Analysis Tools madhunika (Sep 25)
- Re: Secure Coding - Static Code Analysis Tools Dan Otogenick (Sep 25)