Category: Auditing » Source Code

Yasca
Added 2008-09-30
Yasca is a source code analyzer that integrates other open-source tools (PMD, FindBugs, Jlint) to produce a single output file. Yasca is easily extensible and includes a large number of custom rules implemented via a plugin-based architecture. Yasca is designed to find "low hanging fruit" and has plugins supporting a variety of languages, but is mostly focused on Java and C/C++.

Source Security
Added 2007-01-15
sourcesec.com provides Web-based access to code auditing applications, and was created to assist developers and users in auditing their programs for vulnerabilities. You can upload your code for static analysis by RATS, Flawfinder and ITS4 as applicable; the C/C++, PHP, Python and Perl languages are supported. Additionally, a simplified search function is available that allows efficient Web searches for security-related information.

LAPSE
Added 2006-09-14
LAPSE is designed to help with the task of auditing Java J2EE applications for common types of security vulnerabilities found in Web applications. LAPSE is inspired by existing lightweight security auditing tools such as RATS, pscan, and FlawFinder. Unlike those tools, however, LAPSE addresses vulnerabilities in Web applications. LAPSE is not intended as a comprehensive solution for Web application security, but rather as an aid in the code review process.

SWAAT
Added 2006-09-08
Security Compass Web Application Auditing Tool (SWAAT) is a free static web application source code auditing tool. The aim of SWAAT is to help developers, testers, security staff, and auditors locate potentially dangerous portions of source code; it is designed to assist source code review.

JAAScois X-Code v1.0 PHP Version
Added 2006-07-26
Analyses all PHP projects and discovers exploits.

LiLith
Added 2005-11-03
LiLith is a tool written in Perl to audit web applications. This tool analyses webpages and looks for HTML <form> tags, which often refer to dynamic pages that might be subject to SQL injection or other flaws.

Flawfinder
Added 2003-10-01
Flawfinder searches through source code looking for potential security flaws. It will provide a list of potential security flaws, sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function. Flawfinder ignores text inside comments and strings.

RatScan
Added 2003-06-16
'RatScan' is a security tool and front-end for the RATS scanner which can check your source code for weaknesses, vulnerabilities and exploits. It can detect potentially dangerous coding practices and advise you on the risks and the various steps needed to secure your code further. It is compatible with multiple programming languages including PHP, C/C++, Perl and others.

RATS (Rough Auditing Tool for Security)
Added 2002-05-14
RATS, the Rough Auditing Tool for Security, is a security auditing utility for C and C++ code. RATS scans source code, finding potentially dangerous function calls. The goal of this project is not to definitively find bugs (yet). The current goal is to provide a reasonable starting point for performing manual security audits.

Fenris
Added 2002-05-09
Fenris started as a binary code tracing utility, but since the first release, it gets more and more difficult to write a simple summary of its functionality. Fenris is a comprehensive multi-level code tracer, a bit of a C decompiler, an interactive modular debugger, a code analysis tool, an execution path visualisation tool, a function fingerprinting and symtab recovery tool - all depends on how you use it. Fenris is suitable for everything from bug tracking or protocol analysis to forensics and reverse engineering, doing all the mindless work for you and making your life a bit easier.