Security Basics mailing list archives

Re: Secure Coding - Static Code Analysis Tools


From: Dan Otogenick <danotogenick () hotmail com>
Date: Sun, 23 Sep 2007 09:09:59 +1200


Hi Brad,
You should look at Checkmarx (www.checkmarx.com). They have a very promising product (Cx.. something) that finds
vulnerabilities with a very low false positive rate. (AFAIK - as opposed to other solutions, whose FP ratio makes them
pretty difficult to use).
If I am not mistaken, their query technology even allows you to find business logic vulnerabilities, but I am not sure
of that - I advise you to check this with the company.

Dan