[Owasp-board] jmanico unveiled

Dinis Cruz dinis at ddplus.net
Thu Jan 18 22:44:18 UTC 2007


Using https://www.owasp.org/index.php/Special:Emailuser/{user alias} will
work sometimes, but in others, as in the
https://www.owasp.org/index.php/Special:Emailuser/Esheridan case, it won't,
since he has not registered his email address.

It seems that the best solution is a script that can only be invoked by site
sysops (that can't be that hard to do).

Dinis

On 1/18/07, Jeff Williams <jeff.williams at aspectsecurity.com> wrote:
>
>  Also he posted to the codereview and testing lists….jim at manico.net
>
>
>
> --Jeff
>
>
>  ------------------------------
>
> *From:* owasp-testing-bounces at lists.owasp.org [mailto:
> owasp-testing-bounces at lists.owasp.org] *On Behalf Of *Jim Manico
> *Sent:* Thursday, January 18, 2007 2:38 PM
> *To:* Javier Fernández-Sanguino
> *Cc:* Owasp-codereview at lists.owasp.org; owasp-testing at lists.owasp.org
> *Subject:* Re: [Owasp-testing] [Owasp-codereview] Code Review project and
> Code-Scanning-Tool(s)
>
>
>
> In the Java space the best code scanning tool I see in the OSS space is
> FindBugs; and in the commercial space I think Fortify is best.
>
> Instead of worrying about building an actual code scanning tool, why not
> focus on making a flaw taxonomy database that any tool vendor or OSS project
> can use?
>
> - Jim
>
> Javier Fernández-Sanguino wrote:
>
> Stephen de Vries wrote:
>
>
>
> I mention Flawfinder (and not Rats) because it seems to be more actively
> developed. It has been brought to my attention that the latest release
> (1.27) includes the capability to work with control version systems
> (reporting on the differences found when making changes).
>
>
>
> Am I correct in assuming that flawfinder can only find issues in C/C++
> code?  If so, this would be of limited benefit to the web app world
> because it's not used as often as things like .NET, PHP and even RoR.
>
>
>
>
>
> True, flawfinder only works currently for C/C++ code (RATS provides
> coverage of more languages including PHP, Perl and Python). Any one of
> them, however, could be possibly extended to cover more languages. Maybe
> that's a SoC project on its own.
>
>
>
>
>
> Are there any existing tools in OSS land for .NET and PHP?
>
>
>
>
>
> For PHP: Rats
>
> For .NET: I don't know of any
>
>
>
> Regards
>
>
>
> Javier
>
>
> --
>
> Best Regards,
>
> Jim Manico
>
> GIAC GSEC Professional, Sun Certified Java Programmer
>
> jim at manico.net
>
> 808.652.3805
>
>
>
>


-- 
Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?
http://www.owasp.org