Penetration Testing mailing list archives

Re: tools to scan source code


From: Stefano Zanero <zanero () elet polimi it>
Date: Tue, 12 Sep 2006 14:53:05 +0200

Ric Messier wrote:

> PHP is fairly C-like. If you know C, it's pretty easy to read PHP. However,
> try RATS. http://www.securesoftware.com/download_rats.htm

Are you suggesting that RATS (a source code scanner for C) would be able
to detect security vulnerabilities in PHP?

That's a challenging proposition :)

As far as I know, very little exists in the area of "source code
auditing" for web applications. Developing one is not easy (it's one of
our research tasks at the moment).

From what I've seen, the SWAAT tool mentioned elsewhere is little more
than what you can obtain through grep...

Best,
Stefano
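As an added illustration of the "little more than grep" point above (example code written for this archive page, not from the thread or from RATS/SWAAT): a grep-style co-occurrence check beside a minimal taint-propagation check, run over constructed PHP snippets. The sink, source and sanitizer lists and the sample snippets are assumptions made for the demonstration.

```python
import re

# Assumed lists for the demo: dangerous PHP sinks, request sources, sanitizers.
SINKS = ("mysql_query", "eval", "system", "include")
SOURCES = ("$_GET", "$_POST", "$_REQUEST", "$_COOKIE")
SANITIZER = re.compile(r"\b(?:intval|mysql_real_escape_string)\s*\([^()]*\)")

# Constructed PHP snippets (not real application code).
DIRECT = '<?php mysql_query("SELECT * FROM t WHERE id=" . $_GET["id"]); ?>'
INDIRECT = '<?php $id = $_GET["id"]; mysql_query("SELECT * FROM t WHERE id=$id"); ?>'
SAFE = '<?php mysql_query("SELECT * FROM t WHERE id=" . intval($_GET["id"])); ?>'


def _statements(src):
    """Split PHP source into ';'-terminated statements (no string-aware parsing)."""
    body = src.replace("<?php", "").replace("?>", "")
    return [s.strip() for s in body.split(";") if s.strip()]


def grep_scan(src):
    """Grep-level check: flag statements where a sink and a source co-occur.
    Misses data passed through a variable, and flags already-sanitized input."""
    return [n for n, stmt in enumerate(_statements(src), 1)
            if any(s in stmt for s in SINKS) and any(v in stmt for v in SOURCES)]


def _tainted(expr, tainted_vars):
    """True if expr still references a request source or a tainted variable
    after sanitized sub-expressions have been removed."""
    clean = SANITIZER.sub("", expr)
    return any(v in clean for v in SOURCES) or any(
        re.search(r"\$" + re.escape(v) + r"\b", clean) for v in tainted_vars)


def taint_scan(src):
    """Follow simple assignments so request data reaching a sink via a variable
    is flagged, while sanitized data is not."""
    tainted, hits = set(), []
    for n, stmt in enumerate(_statements(src), 1):
        m = re.match(r"\$(\w+)\s*=(?!=)\s*(.+)$", stmt, re.S)
        if m:  # assignment: propagate or clear taint on the target variable
            if _tainted(m.group(2), tainted):
                tainted.add(m.group(1))
            else:
                tainted.discard(m.group(1))
            continue
        if any(s in stmt for s in SINKS) and _tainted(stmt, tainted):
            hits.append(n)
    return hits
```

Even this toy taint pass separates the three cases (grep flags DIRECT and SAFE but misses INDIRECT; the taint pass flags DIRECT and INDIRECT only), which is why a real auditing tool needs a parser and data-flow analysis rather than pattern matching.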

