Home page logo
/

basics logo Security Basics mailing list archives

Re: Testing Application vulnerability tools
From: Romain Gaucher <romain.gaucher () nist gov>
Date: Tue, 20 Feb 2007 14:45:25 -0500

Hi,
Actually, I understood that he needed a tool for code review.
Then AppScan and Acunetix WVS are not doing this, they are only Back box tester as far as I know.
So I would say for the crystal box:
- DevInspect from SPI-Dynamics
- Tracer from Fortify

--Romain


manmohan pv wrote:
Hi

I think Appscan or Acunetix are the two tools used to
find the CSS and SQL related issues.

both are commercial tools.

-thanks manmohan

--- WALI <hkhasgiwale () gmail com> wrote:

I have a team of software developers involved in
writing code for HR management application. They have put the first module payroll online but everyday, we get reports of users getting access to areas they shouldn't. The software team is involved in continues debugging
and patching.

Is there a tool I can use to do software code review
(.NET)

I know it's also design issue but there should be a
way I can at least check the front end (http) interface for common
vulnerabilities?





                
___________________________________________________________ Now you can have your favourite RSS headlines come to you with the all new Yahoo! Mail. http://uk.docs.yahoo.com/nowyoucan.html



--
Romain Gaucher
romain.gaucher () nist gov
National Institute of Standards and Technology
SAMATE Project: http://samate.nist.gov
Phone: (301)-975-3354


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]