Security Basics mailing list archives

Re: Looking for a tool to audit vb scripts

From: Ansgar Wiechers <bugtraq () planetcobalt net>
Date: Mon, 7 Feb 2011 18:47:49 +0100

On 2011-02-04 Turner, Jeremy wrote:

On 2011-02-03 Security Manager wrote:

Anybody have any recommendations for auditing VB Scripts?  Looking to
identify basic best practices, possible security flaws, etc.


Wikipedia [1] lists two tools (Fortify, Parasoft) that claim to be able
to analyze VBScript code. I haven't used them myself, though.

Being able to execute VB scripts is the first item to remediate.


M-hm. And why exactly would that be?

[1] http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Looking for a tool to audit vb scripts Security Manager (Feb 03)
- RE: Looking for a tool to audit vb scripts Turner, Jeremy (Feb 07)
  - Re: Looking for a tool to audit vb scripts Ansgar Wiechers (Feb 08)
  - Re: Looking for a tool to audit vb scripts Joseph P. Cohen (Feb 08)
  - RE: Looking for a tool to audit vb scripts kryppa (Feb 08)
    - Re: Looking for a tool to audit vb scripts Ansgar Wiechers (Feb 10)