Home page logo

webappsec logo WebApp Sec mailing list archives

RE: Secure Source Code Analysis Parser/Tool
From: "Michael Howard" <mikehow () microsoft com>
Date: Tue, 29 Jun 2004 09:29:48 -0700

And then there are Prefix and Postfix, which are going to be in
visual studio "whidbey."

Prefast is in Whidbey Enterprise, beta1 one of which was release today


There's no tool I know of called Postfix!

[Writing Secure Code 2nd Edition]
[Protect Your PC] http://www.microsoft.com/protect
[Blog] http://blogs.msdn.com/michael_howard
[Annual Security Training]

-----Original Message-----
From: Adam Shostack [mailto:adam () homeport org] 
Sent: Tuesday, June 29, 2004 8:33 AM
To: Stan Guzik
Cc: webappsec () securityfocus com
Subject: Re: Secure Source Code Analysis Parser/Tool

On Tue, Jun 29, 2004 at 11:04:42AM -0400, Stan Guzik wrote:
| Hello,
| Does anyone of an open source secure source code analysis parser/tool?
| I'm looking for a parser to run on ASP, ASP.NET, VB, and VB.NET.  If
| tool is for another language that's OK.  If you don't know of a tool
| good reference on how to write on is appreciated.

Its not open source, but FXCop is the most MS oriented source security
tool I know of.  http://www.gotdotnet.com/team/fxcop/   And then there
are Prefix and Postfix, which are going to be in visual studio

There's RATS and Splint, which are open source tools for C, which
aren't ASP, .NET, or VB.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]