Below is a collection of applications used to find vulnerabilities in source code. Make sure your source code is secure before it is used or published to the internet.

| Tool | Description |
|------|-------------|
| Flawfinder <http://www.dwheeler.com/flawfinder> | Examines source code and reports possible security vulnerabilities |
| RATS <https://www.fortify.com/ssa-elements/threat-intelligence/rats.html> from Secure Software Solutions | Scans C, C++, Perl, PHP and Python source code for potential security vulnerabilities |
| ITS4 from Cigital <http://www.cigital.com/its4/> | Scans source code looking for potentially vulnerable function calls and performs source code analysis to determine the level of risk |
| PScan <http://deployingradius.com/pscan/> | A limited problem scanner for C source files |
| BOON <http://www.cs.berkeley.edu/%7Edaw/boon/> | Buffer Overrun detectiON |
| MOPS <http://www.cs.berkeley.edu/%7Edaw/mops/> | MOdelchecking Programs for Security properties |
| Cqual <http://www.cs.umd.edu/%7Ejfoster/cqual/> | A tool for adding type qualifiers to C |
| MC <http://www.stanford.edu/%7Eengler/> | Meta-Level Compilation |
| SLAM <http://www.research.microsoft.com/slam/> | Microsoft |
| ESC/Java2 <http://secure.ucd.ie/products/opensource/ESCJava2/> | Extended Static Checking for Java version 2 |
| Splint <http://splint.org/> | Secure Programming Lint |
| MOPED <http://www.fmi.uni-stuttgart.de/szs/tools/moped/> | A Model-Checker for Pushdown Systems |
| JCAVE <http://www.sics.se/fdt/projects/vericode/jcave.html> | JavaCard Applet Verification Environment |
| The Boop Toolkit <http://boop.sourceforge.net/> | Utilizes abstraction and refinement to determine the reachability of program points in a C program |
| Blast <http://www-cad.eecs.berkeley.edu/%7Erupak/blast/> | Berkeley Lazy Abstraction Software Verification Tool |
| Uno <http://cm.bell-labs.com/cm/cs/what/uno/> | Simple tool for source code analysis |
| PMD <http://pmd.sourceforge.net/> | Scans Java source code and looks for potential problems |
| C++ Test <http://www.parasoft.com/jsp/products/home.jsp?product=CppTest&itemId=40> | Unit testing and static analysis tool |

Source: http://www.tech-faq.com/how-to-find-security-vulnerabilities-in-source-code.html
