|
(Page 1 of 3) 1 2 3 Next > Category: Auditing » Source Code Graudit Added 2009-10-12 Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible. moth Added 2009-06-08 Moth is a VMware image with a set of vulnerable Web Applications and scripts, that you may use for: 1. Testing Web Application Security Scanners 2. Testing Static Code Analysis tools (SCA) 3. Giving an introductory course to Web Application Security Yasca Added 2008-09-30 Yasca is a source code analyzer that integrates other open-source tools (PMD, FindBugs, Jlint) to produce a single output file. Yasca is easily extensible and includes a large number of custom rules implemented via a plugin-based architecture. Yasca is designed to find "low hanging fruit" and has plugins supporting a variety of languages, but mostly focused on Java and C/C++. Source Security Added 2007-01-15 sourcesec.com provides Web-based access to code auditing applications, and was created to assist developers and users in auditing their programs for vulnerabilities. You can upload your code for static analysis by RATS, Flawfinder and ITS4 as applicable - the C/C++, PHP Python and Perl languages are supported. Additionally, a simplified search function is available which easily allows efficient Web searches for security-related information. LAPSE Added 2006-09-14 LAPSE is designed to help with the task of auditing Java J2EE applications for common types of security vulnerabilities found in Web applications. LAPSE is inspired by existing lightweight security auditing tools such as RATS, pscan, and FlawFinder. Unlike those tools, however, LAPSE addresses vulnerabilities in Web applications. LAPSE is not intended as a comprehensive solution for Web application security, but rather as an aid in the code review process. SWAAT Added 2006-09-08 Security compass Web Application Auditing Tool (SWAAT) is a free static web application source code auditing tool. The aim of SWAAT is to help developers, testers, security staff, and auditors locate potentially dangerous portions of source code; it is designed to assist source code review. JAAScois X-Code v1.0 PHP Version Added 2006-07-26 analysis all php projects & discover exploits LiLith Added 2005-11-03 LiLith is a tool written in Perl to audit web applications. This tool analyses webpages and looks for html <form> tags , which often refer to dynamic pages that might be subject to sql injection or other flaws. Flawfinder Added 2003-10-01 Flawfinder searches through source code looking for potential security flaws. It will provide a list of potential security flaws, sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function. Flawfinder ignores text inside comments and strings. RatScan Added 2003-06-16 'RatScan' a security tool and front-end for the RATS scanner which can check your source code for weaknesses, vulnerabilities and exploits. It can detect potentially dangerous coding practices and advise you on the risks and the various steps needed to secure your code further. It is compatible with multiple programming languages including PHP, C/C++, Perl and others. Browse by category |
|
|
Privacy Statement |
