Re: Testing Application vulnerability tools

[Romain Gaucher <romain.gaucher () nist gov>]

Hi,
Actually, I understood that he needed a tool for code review.
Then AppScan and Acunetix WVS are not doing this, they are only Back box 
  tester as far as I know.
So I would say for the crystal box:
- DevInspect from SPI-Dynamics
- Tracer from Fortify

--Romain


manmohan pv wrote:
> Hi
>
> I think Appscan or Acunetix are the two tools used to
> find the CSS and SQL related issues.
>
> both are commercial tools.
>
> -thanks 
> manmohan
>
> --- WALI <hkhasgiwale () gmail com> wrote:
>
> > I have a team of software developers involved in
> > writing code for HR 
> > management application. They have put the first
> > module payroll online but 
> > everyday, we get reports of users getting access to
> > areas they shouldn't. 
> > The software team is involved in continues debugging
> > and patching.
> >
> > Is there a tool I can use to do software code review
> > (.NET)
> >
> > I know it's also design issue but there should be a
> > way I can at least 
> > check the front end (http) interface for common
> > vulnerabilities?
>
>
>
>                 
> ___________________________________________________________ 
> Now you can have your favourite RSS headlines come to you with the all new Yahoo! Mail. http://uk.docs.yahoo.com/nowyoucan.html

--
Romain Gaucher
romain.gaucher () nist gov
National Institute of Standards and Technology
SAMATE Project: http://samate.nist.gov
Phone: (301)-975-3354