Subject: Re: security scanning software for source code?
From: Erik Tayler (erik14X.NET)
Date: Fri Oct 20 2000 - 07:31:39 CDT


I know of one at http://www.freshmeat.net/projects/its4/ . Never tried
it, but I will soon give it a shot. Looks somewhat mediocre, but hey.

Erik Tayler
http://www.14x.net
http://www.digitaloffense.net

"Sanchez, Scott" wrote:
>
> Hello all,
> Does anyone have any suggestions on products that will review application
> code (visual basic/c++, java applets and servlets, cgi's, etc.) for security
> weaknesses?
> I would love an engine that I can just drop my java servlets (or weblogic
> code, xml, perl, css, etc.) into and it would look for things like input
> fields that have missing or inadequate validation, passwords stored in the
> app, etc. (I know, I'm asking for a lot).
> Does anybody have thoughts or suggestions? We have decided that it is
> impractical for us to write our own scanner at this point.
> Thanks.
> -Scott