Penetration Testing mailing list archives

code analysis


From: huber_geo () hotmail com
Date: 20 Jun 2005 14:58:07 -0000

Hello,

In addition to doing security audits for my clients, 
I occasionally am asked to do code reviews for 
products my clients are thinking of using.  Normally 
the code is in C, asm or C++ which I have no 
problem with.  However, the most recent code base 
I have been tasked to review has substantial parts 
written in Borland Delphi and Modula-2 which I have 
no experience with.  So I am looking for leads for 
the following questions:

1) what are the security vulnerabilities associated 
   with each of the above languages?  For example, 
   do these languages have the potential for 
   buffer overflows?

2) are there any auditing tools (a la RATS or 
   flawfinder) for these languages?

Thanks for your help.  Additionally, if this is 
not an appropriate forum for these questions, 
could you direct me to a better one?

thanks,
George Huber

