[Owasp-board] jmanico unveiled
Jeff Williams
jeff.williams at owasp.org
Fri Jan 19 02:33:24 UTC 2007
If he hasn't registered an email, the script can't return the answer either,
right?
--Jeff
_____
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dinis Cruz
Sent: Thursday, January 18, 2007 5:44 PM
To: owasp-board at lists.owasp.org
Subject: Re: [Owasp-board] jmanico unveiled
Using https://www.owasp.org/index.php/Special:Emailuser/{user alias} will
work sometimes, but others as in
https://www.owasp.org/index.php/Special:Emailuser/Esheridan case, it won't
since he has not registered his email address.
It seems that the best solution is a script that can only be invoked by site
sysops (that can't be that hard to do).
Dinis
On 1/18/07, Jeff Williams <jeff.williams at aspectsecurity.com> wrote:
Also he posted to the codereview and testing lists.
jim at manico.net
--Jeff
_____
From: owasp-testing-bounces at lists.owasp.org
[mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Jim Manico
Sent: Thursday, January 18, 2007 2:38 PM
To: Javier Fernández-Sanguino
Cc: Owasp-codereview at lists.owasp.org; owasp-testing at lists.owasp.org
Subject: Re: [Owasp-testing] [Owasp-codereview] Code Review project and
Code-Scanning-Tool(s)
In the Java space the best code scanning tool I see in the OSS space is
FindBugs; and in the commercial space I think Fortify is best.
Instead of worrying about building an actual code scanning tool, why not
focus on making a flaw taxonomy database that any tool vendor or OSS project
can use?
- Jim
Javier Fernández-Sanguino wrote:
Stephen de Vries wrote:
I mention Flawfinder (and not Rats) because it seems to be more actively
developed. It has been brought to my attention that the latest release
(1.27) includes the capability to work with control version systems
(reporting on the differences found when making changes).
Am I correct in assuming that flawfinder can only find issues in C/C++
code? If so, this would be of limited benefit to the web app world
because it's not used as often as things like .NET, PHP and even RoR.
True, flawfinder only works currently for C/C++ code (RATS provides
coverage of more languages including PHP, Perl and Python). Any one of
them, however, could be possibly extended to cover more languages. Maybe
that's a SoC project on its own.
Are there any existing tools in OSS land for .NET and PHP?
For PHP: Rats
For .NET: I don't know of any
Regards
Javier
_______________________________________________
Owasp-codereview mailing list
Owasp-codereview at lists.owasp.org
http://lists.owasp.org/mailman/listinfo/owasp-codereview
--
Best Regards,
Jim Manico
GIAC GSEC Professional, Sun Certified Java Programmer
jim at manico.net
808.652.3805
_______________________________________________
Owasp-testing mailing list
Owasp-testing at lists.owasp.org
http://lists.owasp.org/mailman/listinfo/owasp-testing
--
Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?
http://www.owasp.org