Security Basics mailing list archives
Re: Vuln Scanner for Web App Source Code
From: Greg Rubin <grrubin () gmail com>
Date: Sun, 18 May 2008 22:01:57 -0700
I think that work by hand is valuable, but there is also room for automated scanning (depending on your language). If you want to work from code analysis, then you are looking for something called "Static Analysis". One company that does it is Fortify Software, but I'm sure that there are others.
Automated scanning is especially good for enforcing some best practices and preventing injection attacks (XSS, SQL, LDAP, etc.) but it will always take work to get right.
Hope that helps.

Greg

cnanne () gmail com wrote:
| This might be a bit of a dumb question, but does anyone know of a good Vulnerability Scanner for finding faults in the actual Source Code of the Web App? Or can this task only be done by hand?
|
| Any feedback on this is highly appreciated
|
| cheers,
|
| PhoenixRbrth
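Added example, not part of the thread and not code from any vendor's product: a toy static-analysis pass of the kind Greg describes, written for Python source. It walks the file's AST and flags cursor.execute()/executemany() calls whose query text is assembled at runtime (concatenation, % formatting, str.format, f-strings), which is exactly the SQL-injection pattern a parameterised query avoids. The sample source, the sink method names and the function names are constructed for the example; the point is that the same check can be enforced mechanically across a code base, and also where it stops (no tracking of a query built in one statement and executed in another).

```python
"""
Toy static-analysis pass for SQL-injection sinks in Python source.

Added example, not from the mailing-list thread or from any vendor's
product. Standard library only (ast).
"""
import ast

# Methods treated as SQL sinks. Assumption for this example: any attribute
# call named execute/executemany is a DB-API cursor call.
SINK_METHODS = {"execute", "executemany"}

# Constructed sample input: four injectable call sites and one safe one.
SAMPLE_SOURCE = '''\
def lookup_concat(cur, name):
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
def lookup_percent(cur, email):
    cur.execute("SELECT id FROM users WHERE email = '%s'" % email)
def lookup_format(cur, name):
    cur.execute("SELECT id FROM users WHERE name = '{}'".format(name))
def lookup_fstring(cur, uid):
    cur.execute(f"SELECT * FROM users WHERE id = {uid}")
def lookup_safe(cur, uid):
    cur.execute("SELECT * FROM users WHERE id = %s", (uid,))
'''


def _is_str_literal(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


def _concat_leaves(node):
    """Flatten a chain of '+' into its operands."""
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return _concat_leaves(node.left) + _concat_leaves(node.right)
    return [node]


def runtime_string_kind(node):
    """Return how `node` builds a string at runtime, or None if it does not.

    Only the query-building idioms below are recognised. A query assigned to
    a variable in one statement and executed in another is not followed
    (no inter-statement taint tracking); that is this toy's main false
    negative, and the part a real static analyser spends its effort on.
    """
    if isinstance(node, ast.JoinedStr):
        if any(isinstance(v, ast.FormattedValue) for v in node.values):
            return "f-string"
        return None
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Mod):
        if _is_str_literal(node.left):
            return "% formatting"
        return None
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format" and _is_str_literal(node.func.value)):
        return "str.format"
    leaves = _concat_leaves(node)
    # Concatenation counts only when a literal is mixed with something else;
    # "a" + "b" is still a constant query.
    if (len(leaves) > 1 and any(_is_str_literal(leaf) for leaf in leaves)
            and any(not _is_str_literal(leaf) for leaf in leaves)):
        return "concatenation"
    return None


class SqlSinkFinder(ast.NodeVisitor):
    def __init__(self):
        self.findings = []  # (line number, idiom)

    def visit_Call(self, node):
        func = node.func
        if (isinstance(func, ast.Attribute) and func.attr in SINK_METHODS
                and node.args):
            kind = runtime_string_kind(node.args[0])
            if kind is not None:
                self.findings.append((node.lineno, kind))
        self.generic_visit(node)


def scan_source(source, filename="<source>"):
    """Return [(lineno, idiom), ...] for each sink fed a runtime-built query."""
    finder = SqlSinkFinder()
    finder.visit(ast.parse(source, filename))
    return finder.findings


if __name__ == "__main__":
    for lineno, kind in scan_source(SAMPLE_SOURCE):
        print(f"line {lineno}: SQL sink receives query built by {kind}")
```

Run against the embedded sample it reports lines 2, 4, 6 and 8 and stays silent on the parameterised call at line 10. The false-negative case (query built into a variable, then executed) is what separates this kind of pattern matcher from a product that does data-flow analysis, and it is why the reply says automated scanning "will always take work to get right".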
Current thread:
- Vuln Scanner for Web App Source Code cnanne (May 18)
- RE: Vuln Scanner for Web App Source Code Naveed Ahmed (May 19)
- Re: Vuln Scanner for Web App Source Code Greg Rubin (May 19)
- Re: Vuln Scanner for Web App Source Code Johnny Wong (May 19)
- RE: Vuln Scanner for Web App Source Code Lorna Alamri (May 20)
- Re: Vuln Scanner for Web App Source Code Paul J. Brickett (May 19)
- RE: Vuln Scanner for Web App Source Code Dan Denton (May 20)
- Re: Vuln Scanner for Web App Source Code Christian Nanne (May 20)
- RE: Vuln Scanner for Web App Source Code Dan Denton (May 20)
- <Possible follow-ups>
- Re: Vuln Scanner for Web App Source Code Dan Anderson (May 19)