Subject: Re: security scanning software for source code?
From: White Vampire (whitevampireMINDLESS.COM)
Date: Fri Oct 20 2000 - 11:25:40 CDT


On Wed, Oct 18, 2000 at 01:54:29PM -0400, Sanchez, Scott(Scott.SanchezGS.COM) wrote:
> Does anyone have any suggestions on products that will review application
> code (visual basic/c++, java applets and servlets, cgi's, etc.) for security
> weaknesses?
> I would love an engine that I can just drop my java servlets (or weblogic
> code, xml, perl, css, etc.) into and it would look for things like input
> fields that have missing or inadequate validation, passwords stored in the
> app, etc. (I know, I'm asking for a lot).
> Does anybody have thoughts or suggestions? We have decided that it is
> impractical for us to write our own scanner at this point.

        This is probably more suited for the new Security Focus list
SECPROG.

Regards,

-- 
    __      ______   ____
   /  \    /  \   \ /   / White Vampire\Rem
   \   \/\/   /\   Y   /  http://www.projectgamma.com/
    \        /  \     /   http://www.webfringe.com/
     \__/\  /    \___/    http://www.gammaforce.org/
          \/ "Silly hacker, root is for administrators."

