[Owasp-testing] Code Review project and Code-Scanning-Tool(s)

Eoin eoinkeary at gmail.com
Thu Jan 18 08:13:49 EST 2007


I was thinking of using the "Checkstyle" framework?
Check it out (google Checkstyle).



On 18/01/07, Dinis Cruz <dinis at ddplus.net> wrote:
>
> We must take this opportunity and use some of the energy that is going
> into the Code Review Guide to create a Code Scanning Tool which identifies
> the issues raised.
>
> I don't care if in its initial version it is just a bunch of regEx and
> clever searches (ideally we would expand on projects like our own OWASP
> LAPSE Project <https://www.owasp.org/index.php/Category:OWASP_LAPSE_Project>,
> but I don't want the guide to be dependent on a tool development)
>
> What I would like to happen is that for each major issue (or 'gotcha')
> covered in the Guide, information would be provided on how to detect that in
> a semi-automatic way.
>
> I know that there are exceptions (and let's keep the business logic
> vulnerabilities out of this one) but most issues should be detectable.
>
> Dinis Cruz
> Chief OWASP Evangelist, Are you a member yet?
> http://www.owasp.org


-- 
Eoin Keary OWASP - Ireland
http://www.owasp.org/local/ireland.html
http://www.owasp.org/index.php/OWASP_Testing_Project
http://www.owasp.org/index.php/OWASP_Code_Review_Project