[Owasp-testing] Code Review project and Code-Scanning-Tool(s)
jfernandez at germinus.com
Thu Jan 18 04:40:46 EST 2007
Stephen de Vries wrote:
>> I mention Flawfinder (and not Rats) because it seems to be more
>> developed. It has been brought to my attention that the latest release
>> (1.27) includes the capability to work with control version systems
>> (reporting on the differences found when making changes).
> Am I correct in assuming that flawfinder can only find issues in C/C++
> code? If so, this would be of limited benefit to the web app world
> because it's not used as often as things like .NET, PHP and even RoR.
True, flawfinder only works currently for C/C++ code (RATS provides
coverage of more languages including PHP, Perl and Python). Any one of
them, however, could possibly be extended to cover more languages. Maybe
that's a SoC project on its own.
> Are there any existing tools in OSS land for .NET and PHP?
For PHP: Rats
For .NET: I don't know of any