Source Code Analysis Tools
From OWASP
Revision as of 02:22, 31 October 2006 by Wichers (→Commercial Tools from OWASP Members Of This Type)
This page collects analysis of, and commentary on, source code audit tools:
Description
TBD
Strengths and Weaknesses
Important Selection Criteria
- Requirement: it must support your language; once it does, language support is rarely the deciding factor.
- Which types of vulnerabilities it can detect (how much of the OWASP Top Ten, and what beyond it?)
- Does it require a fully buildable set of source?
- Can it run against binaries instead of source?
- Can it be integrated into the developer's IDE?
OWASP Tools Of This Type
Open Source or Free Tools Of This Type
- Microsoft - FxCop: Tool that checks .NET managed code assemblies for conformance to the Microsoft .NET Framework Design Guidelines
- Microsoft - PreFix
- Microsoft - PreFast
- SWAAT - Simplistic Beta Tool - Languages: Java, JSP, ASP .Net, and PHP
- Secure Software - RATS - Scans C, C++, Perl, PHP and Python source code for security problems like buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions
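As an added illustration, not code from RATS or from any tool listed above, the following Python script shows what a lexical scanner of this kind does and where it falls short. It blanks out comments and string literals, flags calls to functions that are unsafe by construction (gets, strcpy, strcat, sprintf), and flags a check-then-use pair on the same path argument (access() followed by open(), a TOCTOU race). Because it has no data-flow analysis it also reports a strcpy() of a constant string, which is the main weakness of purely pattern-based tools. The rule table, the C sample and all function names are constructed for this example.

```python
"""Toy lexical source scanner in the style of pattern-based C auditing tools.

This is an added illustration, not RATS or any other real tool. It shows what
a lexical scanner can find (unbounded calls, check-then-use pairs) and what it
cannot (it has no data-flow analysis, so a strcpy() of a constant is still
reported).
"""
import re
from dataclasses import dataclass

# Hypothetical rule table: function name -> (severity, reason). Constructed
# for this example; real tools ship far larger databases.
UNSAFE_CALLS = {
    "gets": ("high", "no bound on input length; always a buffer overflow"),
    "strcpy": ("medium", "no length check on the destination buffer"),
    "strcat": ("medium", "no length check on the destination buffer"),
    "sprintf": ("medium", "unbounded format into a fixed-size buffer"),
}

# A check on a path followed by a use of the same path leaves a race window
# in which the file can be swapped (Time Of Check, Time Of Use).
TOCTOU_CHECKS = {"access", "stat", "lstat"}
TOCTOU_USES = {"open", "fopen", "chmod", "chown", "unlink"}

# Match `name(` and, without consuming it, capture the first argument so that
# nested calls such as `if (access(path, ...))` are each seen once.
CALL_RE = re.compile(r'\b([A-Za-z_]\w*)\s*\((?=\s*([^,()]*))')


@dataclass
class Finding:
    line: int
    severity: str
    message: str


def strip_comments_and_strings(src: str) -> str:
    """Blank out comments and string literals, keeping newlines, so their
    contents are not mistaken for calls and line numbers stay correct."""
    token = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"', re.S)
    return token.sub(lambda m: re.sub(r'[^\n]', ' ', m.group(0)), src)


def scan(src: str) -> list[Finding]:
    """Scan C source text and return findings in line order."""
    findings: list[Finding] = []
    checked: dict[str, int] = {}  # first argument of a check call -> line of the check
    for lineno, line in enumerate(strip_comments_and_strings(src).splitlines(), start=1):
        for m in CALL_RE.finditer(line):
            name, first_arg = m.group(1), m.group(2).strip()
            if name in UNSAFE_CALLS:
                severity, why = UNSAFE_CALLS[name]
                findings.append(Finding(lineno, severity, f"{name}(): {why}"))
            elif name in TOCTOU_CHECKS and first_arg:
                checked[first_arg] = lineno
            elif name in TOCTOU_USES and first_arg in checked:
                findings.append(Finding(lineno, "medium",
                    f"TOCTOU: {name}({first_arg}) after check on line {checked[first_arg]}"))
    return findings


# Constructed sample input: a small C program with one of each pattern.
SAMPLE_C = """\
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>

int main(int argc, char **argv) {
    char buf[64];
    char name[32] = "strcpy(default)";      /* inside a string literal, not a call */
    gets(buf);                               /* unbounded read into buf */
    strcpy(name, argv[1]);                   /* unbounded copy of attacker input */
    strcpy(buf, "ok");                       /* safe in practice, still reported: no data-flow analysis */
    if (access(argv[2], W_OK) == 0) {        /* check ... */
        int fd = open(argv[2], O_WRONLY);    /* ... then use: TOCTOU window */
        close(fd);
    }
    strncpy(buf, argv[1], sizeof(buf) - 1);  /* bounded, not in the rule table */
    return 0;
}
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_C):
        print(f"line {f.line}: [{f.severity}] {f.message}")
```

Running it reports gets() on line 9, both strcpy() calls on lines 10 and 11, and the access()/open() pair on line 13; the string literal on line 8 and the bounded strncpy() on line 16 are not reported. The line-11 finding is the false positive a reviewer has to triage by hand, which is why the selection criteria above ask what a tool can actually detect rather than just which language it parses.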
Commercial Tools from OWASP Members Of This Type
These vendors have decided to support OWASP by becoming members. OWASP appreciates the support from these organizations, but cannot endorse any commercial products or services.