Penetration Testing: Re: Vuln Scanner for Web App Source Code

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

Re: Vuln Scanner for Web App Source Code

From: bigbert007 <bigbert007 () gmail com>
Date: Tue, 27 May 2008 10:49:38 -0400

Check out Ounce from www.ouncelabs.com or Fortify at www.fortify.com.

Cheers!


NL Nathan LaFollette (2094) wrote:

Veracode is way better than AppScan & WebInspect in my findings.  They
do static binary analysis.  And AppScan & WebInspect have way too many
false positives you have to deal with.

-n

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Kevin Reiter
Sent: Wednesday, May 21, 2008 2:30 PM
To: pen-test () securityfocus com
Subject: RE: Vuln Scanner for Web App Source Code

Vericode - http://www.veracode.com

-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]On Behalf Of cnanne () gmail com
Sent: Sunday, May 18, 2008 12:16 AM
To: pen-test () securityfocus com
Subject: Vuln Scanner for Web App Source Code

This might be a bit of a dumb question, but does anyone know of a good
Vulnerability Scanner for finding faults in the actual Source Code of
the Web App? Or can this task can only be done by hand?

Any feedback on this is highly appreciative

cheers,

PhoenixRbrth

This message may contain confidential or proprietary information and is
intended solely for the individual(s) to whom it is addressed.  If you
are not a named addressee you should not disseminate, distribute or copy
this e-mail or act upon the information contained herein.  Please notify
the sender immediately by e-mail if you have received this e-mail by
mistake and delete this e-mail from your system.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakesin Securing Web ApplicationsFind out now! Get Webinar Recording and PPT Slides


www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------




---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 080527-0, 05/27/2008
Tested on: 5/27/2008 10:49:40 AM
avast! - copyright (c) 1988-2008 ALWIL Software.
http://www.avast.com




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakesin Securing Web ApplicationsFind out now! Get Webinar Recording and PPT Slides


www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

By Date By Thread

Current thread:

Re: Vuln Scanner for Web App Source Code, (continued)
- RE: Vuln Scanner for Web App Source Code Kevin Reiter (May 22)
  - RE: Vuln Scanner for Web App Source Code NL Nathan LaFollette (2094) (May 23)
    - Re: Vuln Scanner for Web App Source Code bigbert007 (May 28)
- RE: Vuln Scanner for Web App Source Code FF (May 19)