Re: Secure Source Code Analysis Parser/Tool

[Adam Shostack <adam () homeport org>]

My bad, PreFIX and preFAST.

Adam


On Tue, Jun 29, 2004 at 09:29:48AM -0700, Michael Howard wrote:
| >> And then there are Prefix and Postfix, which are going to be in
| visual studio "whidbey."
| 
| Prefast is in Whidbey Enterprise, beta1 one of which was release today
| 
| http://lab.msdn.microsoft.com/vs2005/
| 
| There's no tool I know of called Postfix!
| 
| [Writing Secure Code 2nd Edition]
| http://www.microsoft.com/mspress/books/5957.asp
| [Protect Your PC] http://www.microsoft.com/protect
| [Blog] http://blogs.msdn.com/michael_howard
| [Annual Security Training]
| http://mste/training/offerings.asp?offeringid=7142
| 
| -----Original Message-----
| From: Adam Shostack [mailto:adam () homeport org] 
| Sent: Tuesday, June 29, 2004 8:33 AM
| To: Stan Guzik
| Cc: webappsec () securityfocus com
| Subject: Re: Secure Source Code Analysis Parser/Tool
| 
| On Tue, Jun 29, 2004 at 11:04:42AM -0400, Stan Guzik wrote:
| | Hello,
| | 
| | Does anyone of an open source secure source code analysis parser/tool?
| | I'm looking for a parser to run on ASP, ASP.NET, VB, and VB.NET.  If
| the
| | tool is for another language that's OK.  If you don't know of a tool
| any
| | good reference on how to write on is appreciated.
| 
| Its not open source, but FXCop is the most MS oriented source security
| tool I know of.  http://www.gotdotnet.com/team/fxcop/   And then there
| are Prefix and Postfix, which are going to be in visual studio
| "whidbey."
| 
| There's RATS and Splint, which are open source tools for C, which
| aren't ASP, .NET, or VB.
| 
| Adam