*bookmark*

On 1/4/11, Adi Nugroho <[email protected]> wrote:
> Below is a collection of applications used to find vulnerabilities in
> source code. Make sure your source code is secure before it is
> used / published to the internet.
>
> Tool    Description
>
> Flawfinder <http://www.dwheeler.com/flawfinder> Examines source code and reports possible security vulnerabilities
> RATS <https://www.fortify.com/ssa-elements/threat-intelligence/rats.html> from Secure Software Solutions Scans C, C++, PERL, PHP and Python source code for potential security vulnerabilities.
> ITS4 from Cigital <http://www.cigital.com/its4/> Scans source code looking for potentially vulnerable function calls and performs source code analysis to determine the level of risk
> PScan <http://deployingradius.com/pscan/> A limited problem scanner for C source files
> BOON <http://www.cs.berkeley.edu/%7Edaw/boon/> Buffer Overrun detectiON
> MOPS <http://www.cs.berkeley.edu/%7Edaw/mops/> MOdelchecking Programs for Security properties
> Cqual <http://www.cs.umd.edu/%7Ejfoster/cqual/> A tool for adding type qualifiers to C
> MC <http://www.stanford.edu/%7Eengler/> Meta-Level Compilation
> SLAM <http://www.research.microsoft.com/slam/> Microsoft
> ESC/Java2 <http://secure.ucd.ie/products/opensource/ESCJava2/> Extended Static Checking for Java version 2
> Splint <http://splint.org/> Secure Programming Lint
> MOPED <http://www.fmi.uni-stuttgart.de/szs/tools/moped/> A Model-Checker for Pushdown Systems
> JCAVE <http://www.sics.se/fdt/projects/vericode/jcave.html> JavaCard Applet Verification Environment
> The Boop Toolkit <http://boop.sourceforge.net/> Utilizes abstraction and refinement to determine the reachability of program points in a C program
> Blast <http://www-cad.eecs.berkeley.edu/%7Erupak/blast/> Berkeley Lazy Abstraction Software Verification Tool
> Uno <http://cm.bell-labs.com/cm/cs/what/uno/> Simple tool for source code analysis
> PMD <http://pmd.sourceforge.net/> Scans Java source code and looks for potential problems
> C++ Test <http://www.parasoft.com/jsp/products/home.jsp?product=CppTest&itemId=40> Unit testing and static analysis tool
>
> Source:
> http://www.tech-faq.com/how-to-find-security-vulnerabilities-in-source-code.html
>
--
Best Regards,
Blog: http://samardi.wordpress.com
Twitter: http://twitter.com/sam_ardi
"Good hacker is famous, but a great hacker always anonymous™"
"Do not accept if the seal is broken"
