Difference between revisions of "Software Security Assessment Tool Review"
From OWASP
M. Buchanan (talk | contribs) (Created page with "==SOFTWARE SECURITY ASSESSMENT TOOLS REVIEW: APPENDIX A: TOOL MATRIX== {| width="80%" border="2" cellspacing="2" cellpadding="2" |+ '''APPENDIX TEMPLATE''' |- valign="top" | ...") |
M. Buchanan (talk | contribs) |
| Line 1: | Line 1: | ||
| − | + | ||
{| width="80%" border="2" cellspacing="2" cellpadding="2" | {| width="80%" border="2" cellspacing="2" cellpadding="2" | ||
| − | |+ '''APPENDIX TEMPLATE''' | + | |+ '''APPENDIX A: TOOL MATRIX TEMPLATE''' |
|- valign="top" | |- valign="top" | ||
| width="40%" style="background: #FFCC99" | '''Product''' | | width="40%" style="background: #FFCC99" | '''Product''' | ||
Revision as of 19:08, 16 February 2012
| Product | |
| Description | |
| URL | |
| Supported Languages | |
| Supported Platforms Where Tool Runs | |
| Supported Platform Where Target Resides | |
| Supported Compilers | |
| Can Tool be used Remotely? | |
| Finds or Checks for: (Tool Category) | |
| Lifecycle Position(s) | |
| Scalability (Ability to scan up to 1,000,000 LOC?) | |
| Ability to Identify Comments in Code | |
| Ability to Discover Debug Code | |
| Ability to Discover Unused Code | |
| Tool uses CWE Definitions of Vulnerabilities | |
| Frequency of Rule Base Updates by Tool Provider | |
| Ability of Testers to Modify Existing Rule Bases | |
| Ability of Testers to Add New Rule Bases | |
| Ability to provide suggestions for mitigating vulnerabilities (Remediation). If able, is it Active or Passive? | |
| Cost (Hourly/ Flat Fee) [AVAILABILITY] | |
| Licensing | |
| Vendor Technical Support | |
| Vendor Services / Professional services support | |
| Required training or experience level to operate | |
| Vendor provided (or 3rd party provided) training available | |
| Comments | |