Yasca is an open source program which looks for security vulnerabilities, code-quality, performance, and conformance to best practices in program source code. It’s basically a tool-kit for multi-language static analysis. Yasca can scan source code written in Java, C/C++, HTML, JavaScript, ASP, ColdFusion, PHP, COBOL, .NET, and other languages It leverages on external open source […]
RIPS is a tool written in PHP to find vulnerabilities using static source code analysis for PHP web applications. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by user input (influenced […]
CodeCrawler is a tool aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/JAVA code. It’s a Microsoft .NET 3.5 Windows Form application which supports the OWASP Code Review Project. It provides automatic STRIDE classification a very simple DREAD calculator and few minor […]
Secure programming is a huge issue and it’s the lack of it that causes all the problems we have with vulnerabilities and the exploits associated with them. If everywhere developers followed secure programming practices we wouldn’t have buffer overflow issues or unsanitized parameters leading to SQL Injection. The NSA (National Security Agency), working with MITRE, […]
Spike is an Open Source tool based on the popular RATS C based auditing tool implemented for PHP. The tool Spike basically does static analysis of php code for security exploits, PHP5 and call-time pass-by-reference are currently required, but a PHP4 version is coming out this week. This tool is especially welcomed by Darknet as […]
