WebApp Sec mailing list archives

Re: Rules on security issues for static code analizers of Java

From: Justin Clarke <justin () justinclarke com>
Date: Tue, 20 Dec 2005 19:40:11 -0500

<plug>
For SQL injection rules for PMD have at look at Network Security Tools 
http://www.oreilly.com/catalog/networkst/
</plug>

The freely downloadable examples have some SQL injection rules - these
were built for one of the chapters by one of the contributing authors
(Joe Hemler).

Justin

On Tue, 2005-12-20 at 10:13 -0600, Juan C Calderon wrote:

Hello all

Could somebody provide some rules to detect Cross Site
Scripting and Sql Injection attacks in source code
using static analizers for Java such as Hammurapi or
PMD.

Also, if you can recommend a Source Code Static
Analizer for C# that would help me a lot.

Regards,
JC


__________________________________________________
Correo Yahoo!
Espacio para todos tus mensajes, antivirus y antispam ¡gratis! 
Regístrate ya - http://correo.espanol.yahoo.com/

Current thread:

Rules on security issues for static code analizers of Java Juan C Calderon (Dec 20)
- Re: Rules on security issues for static code analizers of Java Justin Clarke (Dec 20)
- <Possible follow-ups>
- RE: Rules on security issues for static code analizers of Java Burke, Charles (Dec 22)
- RE: Rules on security issues for static code analizers of Java Kline,Nathan C - JDI (Dec 22)