Penetration Testing mailing list archives
RE: Source code review/scanner
From: "Shenk, Jerry A" <jshenk () decommunications com>
Date: Tue, 21 Aug 2007 16:54:15 -0400
In general, I think RELYING totally on an automated tool isn't good security practice. You need that human element to put things together. Obviously, tools are great for the time-intensive laborious stuff but I personally think that some level of manual review is also needed. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of xelerated Sent: Tuesday, August 21, 2007 9:10 AM To: pen-test () securityfocus com Subject: Source code review/scanner All, Im looking for something for another dept. to help them review both source code and web app code created by our developers. The main types being VB and ASP. Standard manual testing will still take place, but id like to get something to check the obvious things before it goes into testing. Can anyone recommend some tools for both aspects? Due to separation of duties neither I or the others in network security nor the developers will be doing the source code testing. So im trying to find something that works for those with less than optimal security or coding knowledge. Thanks for your input ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------ **DISCLAIMER This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received this communication in error, please notify the sender and delete this e-mail message. The contents do not represent the opinion of D&E except to the extent that it relates to their official business.
Current thread:
- Source code review/scanner xelerated (Aug 21)
- RE: Source code review/scanner Shenk, Jerry A (Aug 21)
- RE: Source code review/scanner Erin Carroll (Aug 21)
- Re: Source code review/scanner Nikhil Wagholikar (Aug 25)
- <Possible follow-ups>
- Re: Source code review/scanner eladexposed (Aug 28)