WebApp Sec mailing list archives

Re: Secure Source Code Analysis Parser/Tool

From: Adam Shostack <adam () homeport org>
Date: Tue, 29 Jun 2004 11:33:03 -0400

On Tue, Jun 29, 2004 at 11:04:42AM -0400, Stan Guzik wrote:
| Hello,
| 
| Does anyone of an open source secure source code analysis parser/tool?
| I'm looking for a parser to run on ASP, ASP.NET, VB, and VB.NET.  If the
| tool is for another language that's OK.  If you don't know of a tool any
| good reference on how to write on is appreciated.

Its not open source, but FXCop is the most MS oriented source security
tool I know of.  http://www.gotdotnet.com/team/fxcop/   And then there
are Prefix and Postfix, which are going to be in visual studio "whidbey."

There's RATS and Splint, which are open source tools for C, which
aren't ASP, .NET, or VB.

Adam

Current thread:

Secure Source Code Analysis Parser/Tool Stan Guzik (Jun 29)
- Re: Secure Source Code Analysis Parser/Tool Adam Shostack (Jun 29)
- Re: Secure Source Code Analysis Parser/Tool exon (Jun 29)
- RE: Secure Source Code Analysis Parser/Tool Mark Curphey (Jun 29)
- Re: Secure Source Code Analysis Parser/Tool Ron Espiritu (Jun 29)
- <Possible follow-ups>
- RE: Secure Source Code Analysis Parser/Tool Michael Howard (Jun 29)
  - Re: Secure Source Code Analysis Parser/Tool Adam Shostack (Jun 29)
- RE: Secure Source Code Analysis Parser/Tool Kline, Nathan C - CIEP-3 (Jun 29)
  - RE: The Right Approach to Web Developer Education Yaakov Yehudi (Jun 30)