Penetration Testing mailing list archives
RE: Vuln Scanner for Web App Source Code
From: FF <as1812 () gmail com>
Date: Mon, 19 May 2008 08:01:37 -0400
Quick answer is to look at Fortify and Ounce Labs software scanners. I've been doing pentests for a while, but just recently had access to the source and did a scan. It was like having a cheatsheet during the test. Very cool indeed.

However, if your goal is to give developers a report on code quality, perhaps as part of a pentest report, then the code scanners are only as good as webapp scanners. They can increase a tester's throughput, and increase consistency over a number of tests, but they cannot replace a senior developer or pentester that can configure the scans and interpret the results to produce a meaningful report.

You might consider taking a look at the NIST SAMATE site for a complete overview of static analysis tools... as well as others in this space.

// FF

-----Original Message-----
From: cnanne () gmail com
Sent: Sunday, May 18, 2008 12:15 AM
To: pen-test () securityfocus com
Subject: Vuln Scanner for Web App Source Code

This might be a bit of a dumb question, but does anyone know of a good Vulnerability Scanner for finding faults in the actual Source Code of the Web App? Or can this task only be done by hand?

Any feedback on this is highly appreciated.

cheers,
PhoenixRbrth

------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
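To make the point above concrete (a source scanner raises the tester's throughput but its findings still need a human to triage), here is a small added example that is not from the thread or from any of the products mentioned. It is a toy static check written for this page: it walks a Python file's AST and flags DB-API `execute()`/`executemany()` calls whose query text is assembled at runtime by concatenation, `%` formatting, `.format()` or an f-string. The sample source it scans is constructed; note that the last function it flags builds its query from a module-level constant, which is the kind of hit a reviewer has to look at and decide on rather than report blindly.

```python
"""Toy AST-based source scanner for one web-app defect class: SQL query text
built at runtime and passed to a DB-API execute() call. Added illustration,
not a product; SAMPLE_SOURCE below is constructed for this example."""
import ast

# Constructed sample: one unsafe query, one parameterized query, one formatted
# string that is not a query, one f-string query, and one query built from a
# constant (flagged by the pattern, but needs human judgement to classify).
SAMPLE_SOURCE = '''
def find_user(cur, name):
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")

def find_user_safe(cur, name):
    cur.execute("SELECT * FROM users WHERE name = %s", (name,))

def log_lookup(logger, name):
    logger.info("lookup for %s" % name)

def find_order(cur, oid):
    cur.execute(f"SELECT * FROM orders WHERE id = {oid}")

TABLE = "users"
def count_rows(cur):
    cur.execute("SELECT count(*) FROM " + TABLE)
'''


def _is_dynamic_string(node):
    """True if the expression assembles a string at runtime from parts."""
    if isinstance(node, ast.JoinedStr):                      # f-string
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True                                          # "a" + b, "a %s" % b
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        return node.func.attr == "format"                    # "a {}".format(b)
    return False


class SqlBuildVisitor(ast.NodeVisitor):
    """Records every execute()/executemany() whose first argument is dynamic."""

    def __init__(self):
        self.findings = []
        self._func = "<module>"

    def visit_FunctionDef(self, node):
        outer, self._func = self._func, node.name
        self.generic_visit(node)
        self._func = outer

    def visit_Call(self, node):
        func = node.func
        if (isinstance(func, ast.Attribute)
                and func.attr in ("execute", "executemany")
                and node.args
                and _is_dynamic_string(node.args[0])):
            self.findings.append({"line": node.lineno, "function": self._func})
        self.generic_visit(node)


def scan_source(source):
    """Return a list of {'line', 'function'} findings for the given source text."""
    visitor = SqlBuildVisitor()
    visitor.visit(ast.parse(source))
    return visitor.findings


if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f['line']}: dynamic SQL passed to execute() in {f['function']}()")
```

Run stand-alone it reports three hits: `find_user` and `find_order` are genuine injection sinks, while `count_rows` only concatenates a hard-coded constant and is the kind of finding the tester has to downgrade or explain in the report. The parameterized query in `find_user_safe` and the formatted log line are correctly left alone; a real tool does the same work with data-flow analysis across many languages, but the need for someone to interpret the output is the same.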
Current thread:
- Vuln Scanner for Web App Source Code cnanne (May 18)
- Re: Vuln Scanner for Web App Source Code r (May 18)
- Re: Vuln Scanner for Web App Source Code Jason (May 21)
- Re: Vuln Scanner for Web App Source Code bugtraq (May 22)
- Re: Vuln Scanner for Web App Source Code Mike Duncan (May 22)
- Re: Vuln Scanner for Web App Source Code Haroon Meer (May 23)
- RE: Vuln Scanner for Web App Source Code Kevin Reiter (May 22)
- RE: Vuln Scanner for Web App Source Code NL Nathan LaFollette (2094) (May 23)
- Re: Vuln Scanner for Web App Source Code bigbert007 (May 28)
- RE: Vuln Scanner for Web App Source Code NL Nathan LaFollette (2094) (May 23)
- <Possible follow-ups>
- RE: Vuln Scanner for Web App Source Code FF (May 19)