| Subject: | Source code auditing tools capabilities and evaluation |
|---|---|
| Date: | Fri, 25 Feb 2005 14:25:22 -0500 |

Hello List.

Recently we started getting exposed to security vulnerabilities like buffer
overflows in our code and scrambled to fix them. However, now we want
to proactively look into such issues before/during the releases.

We started investigating the tools of some vendors like Ounce
Labs, Klocwork, Fortify, Parasoft and Secure Software. We need these
tools for automated builds, security vuln scanning, etc.

I have seen some threads in the past on these lists about such
queries but would like detailed comments from the end users of such
tools on:

- how are these tools in terms of capabilities? Strengths, limitations...
- language support (C, C++, Java), platform support (Windows, Unix, Linux)

Any other vendors who have such tools (note: not interested in
vendors providing such services)?

At the same time, we are also interested in improving the development
process (SDLC) and trying to identify the possible improvements. Does
anyone know of such books or can give pointers on what things can be
considered here?

Thanks in advance,
Source auditor