Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: tools to scan source code
From: "Benjamin Livshits" <livshits () cs stanford edu>
Date: Wed, 13 Sep 2006 15:02:48 -0700

We have contemplated augmenting LAPSE with .NET support. LAPSE, an
open-source Java source code auditing tool, is now housed at OWASP:

        http://www.owasp.org/index.php/Category:OWASP_LAPSE_Project

Let me know if you are interested.

-Ben  

-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of Ben Hall
Sent: Wednesday, September 13, 2006 2:35 AM
To: Stefano Zanero
Cc: kish_pent () yahoo com; Ric Messier; Wahyu Wijaya H.; 
pen-test () securityfocus com
Subject: Re: tools to scan source code

Hello all,

been watching this conversation closely as it is hugely 
relevant to me at the moment.

I am just about to enter my final year of University, and I 
was hoping to create a static source code analyser for 
ASP.net applications......I thought it was a good idea, 
however after reading this I am starting to think otherwise, 
and maybe there could be better uses of the opportunity to 
complete a large project.

Does anyone have any advice?  I want to do a project involving
security and .net.   I've been recommend to do a application to edit
the http request - like WebScarab however this has been done 
many times, and doesn't represent anything 'new'  and while 
source code auditors aren't new, they are less readily 
available as open source software.  This still is an option I 
might look into, and taking it off on a tangent some how, and 
doing more of a full pen-test application.

I welcome anyones advice.

Thank you

Ben


On 13/09/06, Stefano Zanero <zanero () elet polimi it> wrote:
Hi Kish,

I realize I've been a bit too cryptic in my answer:

Stefano :), you must see Security Forest's page which 
says RATS can 
audit C,C++,Perl,PHP & Python source

code.(http://www.securityforest.com/wiki/index.php/Category:Source_C
ode_Scanners)

Yes, RATS _can_ audit PHP source. What I was referring to 
is that web 
app vulnerabilities have a different structure than the 
vulnerabilities you commonly audit C source code for.

For instance, you can detect candidates for buffer overflow (along 
with a bunch of false positives) through simple regexp pattern 
matching. It's way more difficult to detect with few false 
positives 
candidates for SQL injection.

The fact that RATS is able to handle PHP code is not a 
synonym to the 
fact that it can handle web-app vulnerabilities.

Stefano


----------------------------------------------------------------------
--
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php

----------------------------------------------------------------------
--



--------------------------------------------------------------
----------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
--------------------------------------------------------------
----------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault