[Owasp-testing] Code Review project and Code-Scanning-Tool(s)

Javier Fernández-Sanguino jfernandez at germinus.com
Thu Jan 18 04:40:46 EST 2007


Stephen de Vries dijo:
>> I mention Flawfinder (and not Rats) because it seems to be more  
>> actively
>> developed. It has been brought to my attention that the latest release
>> (1.27) includes the capability to work with control version systems
>> (reporting on the differences found when making changes).
> 
> Am I correct in assuming that flawfinder can only find issues in C/C+ 
> + code?  If so, this would be of limited benefit to the web app world  
> because it's not used as often as things like .NET, PHP and even RoR.

True, flawfinder only works currently for C/C++ code (RATS provides 
coverage of more languages including PHP, Perl and Python). Anyone of 
them, however, could be possibly extended to cover more languages. Maybe 
that's a SoC project on it's own.

> Are there any existing tools in OSS land for .NET and PHP?

For PHP: Rats
For .NET: I don't know of any

Regards

Javier


More information about the Owasp-testing mailing list