Vulnerability Development mailing list archives

Re: security scanning software for source code?

From: White Vampire <whitevampire () mindless com>
Date: Fri, 20 Oct 2000 12:25:40 -0400

On Wed, Oct 18, 2000 at 01:54:29PM -0400, Sanchez, Scott(Scott.Sanchez () GS COM) wrote:

Does anyone have any suggestions on products that will review application
code (visual basic/c++, java applets and servlets, cgi's, etc.) for security
weaknesses?
I would love an engine that I can just drop my java servlets (or weblogic
code, xml, perl, css, etc.) into and it would look for things like input
fields that have missing or inadequate validation, passwords stored in the
app, etc.  (I know, i'm asking for a lot).
Does anybody have thoughts or suggestions? We have decided that it is
impractical for us to write our own scanner at this point.


        This is probably more suited for the new Security Focus list
SECPROG.

Regards,
-- 
    __      ______   ____
   /  \    /  \   \ /   / White Vampire\Rem
   \   \/\/   /\   Y   /  http://www.projectgamma.com/
    \        /  \     /   http://www.webfringe.com/
     \__/\  /    \___/    http://www.gammaforce.org/
          \/ "Silly hacker, root is for administrators."

Attachment: _bin
Description:

Current thread:

security scanning software for source code? Sanchez, Scott (Oct 20)
- Re: security scanning software for source code? Erik Tayler (Oct 24)
- Re: security scanning software for source code? White Vampire (Oct 24)