WebApp Sec mailing list archives

Fortify Source Code Auditing Suite and the like


From: spammailme () gmail com
Date: 17 Feb 2006 16:36:09 -0000

All -

I am looking for feedback as to the 'real world' use of the Fortify SCA tool. It states it performs automated 'white box' 
code reviews and from a demo it does the job pretty quick. The company states it detects security vulns (yet it 
seems a lot are quality findings). 

Q: Can anyone provide positive or negative experiences using this tool or a like tool for JAVA based apps?

Q: Can any of you provide rollout suggestions/strategies that worked for you?

Thanks,

SomePlaceInCanada-ehhh
