Re: Secure Code review for JAVA applications

["Nathaniel Hirsch" <morgothan () gmail com>]

Im not sure of any opensource tools for it, but at work we use fortify sca.
http://www.fortify.com/products/sca/

Im not sure on the price we payed for it, as that decision is above my
pay grade, but I heard it was a lot.  I know they have some sort of
training that you can take, that will give you a lab license for a
year, so you can play around with it.  I assume that is significantly
less then the whole price.

On Thu, Apr 24, 2008 at 2:57 AM, pentestr <pentestr () gmail com> wrote:
> Hi hack3r$,
>  I am new into secure code review. I would like to know 1. any sample
> application for secure code review  (like webgoat and hackme books for pen
> testing of application). 2. Open source secure code review tools for JAVA
> applications?
>
>  Thanks&Rgds
>  P.T.
>
>
>
>  ------------------------------------------------------------------------
>  This list is sponsored by: Cenzic
>
>  Need to secure your web apps NOW?
>  Cenzic finds more, "real" vulnerabilities fast.
>  Click to try it, buy it or download a solution FREE today!
>
>  http://www.cenzic.com/downloads
>  ------------------------------------------------------------------------



-- 
Nathaniel Hirsch, CISSP

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------