[Owasp-board] jmanico unveiled

Jeff Williams jeff.williams at owasp.org
Fri Jan 19 02:33:24 UTC 2007

If he hasn’t registered an email, the script can’t return the answer either,

From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dinis Cruz
Sent: Thursday, January 18, 2007 5:44 PM
To: owasp-board at lists.owasp.org
Subject: Re: [Owasp-board] jmanico unveiled

Using https://www.owasp.org/index.php/Special:Emailuser/{user alias} will
work sometimes, but in other cases, as with
https://www.owasp.org/index.php/Special:Emailuser/Esheridan, it won't,
since he has not registered his email address.

It seems that the best solution is a script that can only be invoked by site
syops (that can't be that hard to do)

On 1/18/07, Jeff Williams <jeff.williams at aspectsecurity.com> wrote:

Also he posted to the codereview and testing lists.

jim at manico.net

From: owasp-testing-bounces at lists.owasp.org
[mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Jim Manico
Sent: Thursday, January 18, 2007 2:38 PM
To: Javier Fernández-Sanguino
Cc: Owasp-codereview at lists.owasp.org; owasp-testing at lists.owasp.org
Subject: Re: [Owasp-testing] [Owasp-codereview] Code Review project and

In the Java space the best code scanning tool I see in the OSS space is
FindBugs; and in the commercial space I think Fortify is best.

Instead of worrying about building an actual code scanning tool, why not
focus on making a flaw taxonomy database that any tool vendor or OSS project
can use?

- Jim 

Javier Fernández-Sanguino wrote:

Stephen de Vries said:

I mention Flawfinder (and not Rats) because it seems to be more
developed. It has been brought to my attention that the latest release
(1.27) includes the capability to work with version control systems
(reporting on the differences found when making changes).

Am I correct in assuming that flawfinder can only find issues in C/C++
code? If so, this would be of limited benefit to the web app world
because it's not used as often as things like .NET, PHP and even RoR.

True, flawfinder only works currently for C/C++ code (RATS provides
coverage of more languages including PHP, Perl and Python). Any one of
them, however, could possibly be extended to cover more languages. Maybe
that's a SoC project on its own.

Are there any existing tools in OSS land for .NET and PHP?

For PHP: Rats
For .NET: I don't know of any
Best Regards,
Jim Manico
GIAC GSEC Professional, Sun Certified Java Programmer
jim at manico.net

Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?
