Kumpulan Aplikasi Pencari Vulnerabilities di Source Code
Revision as of 11:46, 4 January 2011 by Adinugroho (talk | contribs) (New page: Di bawah ini adalah kumpulan aplikasi yang digunakan untuk mencari vulnerabilities pada source code. Pastikan source code anda aman sebelum digunakan / dipublish ke internet. == Kumpulan A...)
Di bawah ini adalah kumpulan aplikasi yang digunakan untuk mencari vulnerabilities pada source code. Pastikan source code anda aman sebelum digunakan / dipublish ke internet.
Kumpulan Aplikasi Pencari Vulnerabilities di Source Code
- http://www.dwheeler.com/flawfinder aFlawfinder Examines source code and reports possible security vulnerabilities
- https://www.fortify.com/ssa-elements/threat-intelligence/rats.html RATS from Secure Software Solutions Scans C, C++, PERL, PHP and Python source code for potential security vulnerabilities.
- http://www.cigital.com/its4/ ITS4 from Cigital Scans source code looking for potentially vulnerable function calls and preforms source code analysis to determine the level of risk
- http://deployingradius.com/pscan/ PScan A limited problem scanner for C source files
- http://www.cs.berkeley.edu/%7Edaw/boon/ BOON Buffer Overrun detectiON
- http://www.cs.berkeley.edu/%7Edaw/mops/ MOPS MOdelchecking Programs for Security properties
- http://www.cs.umd.edu/%7Ejfoster/cqual/ Cqual A tool for adding type qualifiers to C
- http://www.stanford.edu/~engler/ MC Meta-Level Compilation
- http://www.research.microsoft.com/slam/ SLAM Microsoft
- http://secure.ucd.ie/products/opensource/ESCJava2/ ESC/Java2 Extended Static Checking for Java version 2
- http://splint.org/ Splint Secure Programming Lint
- http://www.fmi.uni-stuttgart.de/szs/tools/moped/ MOPED A Model-Checker for Pushdown Systems
- http://www.sics.se/fdt/projects/vericode/jcave.html JCAVE JavaCard Applet Verification Environment
- http://boop.sourceforge.net/ The Boop Toolkit Utilizes abstraction and refinement to determine the reachability of program points in a C program
- http://www-cad.eecs.berkeley.edu/%7Erupak/blast/ Blast Berkeley Lazy Abstraction Software Verification Tool
- http://cm.bell-labs.com/cm/cs/what/uno/ Uno Simple tool for source code analysis
- http://pmd.sourceforge.net/ PMD Scans Java source code and looks for potential problems
- http://www.parasoft.com/jsp/products/home.jsp?product=CppTest&itemId=40 C++ Test Unit testing and static analysis tool