Difference between revisions of "Source Code Analysis Tools"

From OWASP
(Commercial Tools from OWASP Members Of This Type)
Line 29: Line 29:
  
 
==Commercial Tools from OWASP Members Of This Type==
 
==Commercial Tools from OWASP Members Of This Type==
 +
 +
These vendors have decided to support OWASP by becoming [[Membership|members]]. OWASP appreciates the support from these organizations, but cannnot endorse any commercial products or services.
  
 
* [http://www.fortifysoftware.com/products/sca.jsp Fortify - Source Code Analysis]
 
* [http://www.fortifysoftware.com/products/sca.jsp Fortify - Source Code Analysis]
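Review bot: the sentence added under "Commercial Tools from OWASP Members Of This Type" misspells "cannot" as "cannnot" ("but cannnot endorse any commercial products or services"). Suggest correcting the spelling, since this disclaimer is the text readers see directly above the vendor list.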

Revision as of 21:22, 30 October 2006

Page dedicated to the analysis of, and commentary on, source code audit tools:

Description

TBD

Strengths and Weaknesses

Important Selection Criteria

  • Requirement: Must support your language, but not usually a key factor once it does.
  • Types of Vulnerabilities it can detect (Out of the OWASP Top Ten?) (plus more?)
  • Does it require a fully buildable set of source?
  • Can it run against binaries instead of source?
  • Can it be integrated into the developer's IDE?

OWASP Tools Of This Type

Open Source or Free Tools Of This Type

Commercial Tools from OWASP Members Of This Type

These vendors have decided to support OWASP by becoming members. OWASP appreciates the support from these organizations, but cannot endorse any commercial products or services.

Other Well Known Commercial Tools Of This Type

More Info