WebApp Sec mailing list archives

RE: Rules on security issues for static code analizers of Java


From: "Kline,Nathan C - JDI" <nckline () bpa gov>
Date: Thu, 22 Dec 2005 15:26:34 -0800

I would also recommend the Compuware DevPartner product.  It has a great static analysis engine with over 600 rules and
the ability to easily add your own.  I believe they have a product for Java, C#, and VB.NET.

--Nathan


-----Original Message-----
From: Burke, Charles [mailto:Charles_Burke () HomeDepot com] 
Sent: Thursday, December 22, 2005 7:36 AM
To: Juan C Calderon; webappsec () securityfocus com
Subject: RE: Rules on security issues for static code analizers of Java

Try FxCop for C# (Assemblies).  Microsoft recently added rules for SQL Injection, etc.

-----Original Message-----
From: Juan C Calderon [mailto:johnccr () yahoo com] 
Sent: Tuesday, December 20, 2005 11:13 AM
To: webappsec () securityfocus com
Subject: Rules on security issues for static code analizers of Java

Hello all

Could somebody provide some rules to detect Cross Site
Scripting and SQL Injection attacks in source code
using static analyzers for Java such as Hammurapi or
PMD?

Also, if you can recommend a Source Code Static
Analyzer for C#, that would help me a lot.

Regards,
JC



