Security Basics mailing list archives
RE: Secure Coding - Static Code Analysis Tools
From: "Marco M. Morana" <marco.m.morana () gmail com>
Date: Sat, 22 Sep 2007 10:04:38 -0400
A good reference is the NIST SAMATE list under the source code analyzers classification; there are listed several tools and their availability (e.g. open source and commercial):

http://samate.nist.gov/index.php/Source_Code_Security_Analyzers

Marco

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Brad Andrews
Sent: Friday, September 21, 2007 2:58 PM
To: security-basics () securityfocus com
Subject: Secure Coding - Static Code Analysis Tools

Does anyone know if any companies other than Fortify Software and Ounce Labs provide software/systems that will scan source code for code security vulnerabilities, such as those noted in the OWASP Top 10? I did find a reference to Klockworks, but they seem to be aimed at more traditional code scanning rather than looking for possible security holes.

Any other references to check out would be appreciated.

Brad