Re: tools to scan source code
From: Stefano Zanero (zanero elet.polimi.it)
Date: Tue Sep 12 2006 - 07:53:05 CDT
Ric Messier wrote:
> PHP is fairly C-like. If you know C, it's pretty easy to read PHP. However,
> try RATS. http://www.securesoftware.com/download_rats.htm
Are you suggesting that RATS (a source code scanner for C) would be able
to detect security vulnerabilities in PHP?
That's a challenging proposition :)
As far as I know, very little exists in the area of "source code
auditing" for web applications. Developing one is not easy (it's one of
our research tasks at the moment).
From what I've seen, the SWAAT tool mentioned elsewhere is little more
than what you can obtain through grep...
Best,
Stefano