List of Source Code Scanning Devices/Software
For our purposes, a source code security analyzer examines source code to detect and report weaknesses that can lead to security vulnerabilities. Such analyzers are one of the last lines of defense to eliminate software vulnerabilities during development or after deployment. A Source Code Security Analysis Tool Functional Specification is available. Byte Code Scanners and Binary Code Scanners have similarities, but work at lower levels.

Some Instances

DISCLAIMER: Certain trade names and company products are mentioned in the text or identified. In no case does such identification imply recommendation or endorsement by the National Institute of Standards and Technology (NIST), nor does it imply that the products are necessarily the best available for the purpose. By selecting almost any of these links, you will be leaving NIST webspace. We provided these links because they may have information of interest to you. No inferences should be drawn because some sites are referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the assertions presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites.

| Tool | Language(s) | Avail. | Finds or Checks for | Date |
| --- | --- | --- | --- | --- |
| ASTRÉE | C | contact | undefined code constructs or run-time errors, e.g., out-of-bounds array indexing or arithmetic overflow. | 1 Mar 2007 |
| BOON (~daw/boon/) | C | free | integer range analysis determines if an array can be indexed outside its bounds | 15 Feb 2005 |
| Bugle | any: C, Java, PHP, Perl, ASP, etc. | free | Use Google Code Search to find bug patterns in open source software. See the Auto control panel, too. | 3 Dec 2007 |
| C Code Analyzer (~jonny/cca.html) (CCA) | C | free | Out-of-bounds array indexing or arithmetic overflow. aims for no false positives | 20 Apr 2006 |
| C++test | C++ | Parasoft | "defects, poor constructs, potentially malicious code and other elements" | 4 Apr 2006 |
| .TEST | C#, VB.NET, MC++ | | | |
| Jtest | Java | | | |
| WebKing | HTML | | | |
| CodeCenter | C | CenterLine Systems | incorrect pointer values, illegal array indices, bad function arguments, type mismatches, and uninitialized variables | 28 Oct 2005 |
| CodeScan | .ASP PHP | CodeScan Labs | … security holes and source code issues … | 10 Oct 2006 |
| CodeSecure | PHP, Java (ASP.NET soon) | Armorize Technologies | XSS, SQL Injection, Command Injection, tainted data flow, etc. | 16 Mar 2007 |
| CodeSonar | C, C++ | GrammaTech | null-pointer dereferences, divide-by-zeros, buffer over- and underruns | 21 Mar 2005 |
| CQual (~jfoster/cqual) | C | free | uses type qualifiers to perform a taint analysis, which detects format string vulnerabilities | 15 Feb 2005 |
| Csur | C | free | cryptographic protocol-related vulnerabilities | 10 Apr 2006 |
| DevInspect (products/devinspect/) | C#, Visual Basic, JavaScript, VB Script | SPI Dynamics | application vulnerabilities | 21 Dec 2004 |
| DevPartner SecurityChecker (products/devpartner/securitychecker.htm) | C#, Visual Basic | Compuware | known and potential security vulnerabilities | 10 Oct 2006 |
| DoubleCheck | C, C++ | Green Hills Software | like buffer overflows, resource leaks, invalid pointer references, and violations of … MISRA | 09 Jul 2007 |
| Eau Claire | C | unk | array bounds errors, null pointer dereferences, string functions | 15 Feb 2005 |
| Flawfinder | C/C++ | free | uses of risky functions, buffer overflow (strcpy()), format string ([v][f]printf()), race conditions (access(), chown(), and mktemp()), shell metacharacters (exec()), and poor random numbers (random()). | 2005 |
| Fluid | Java | call | "analysis based verification" for attributes such as race conditions, thread policy, and object access with no false negatives | 28 Oct 2005 |
| ITS4 | C, C++ | free for non-competing uses | potentially dangerous function calls, with risk analysis of some | 11 Feb 2005 |
| Jlint | Java | free | bugs, inconsistencies and synchronization problems | 3 Feb 2006 |
| K7 (products/k7_security.asp) | C, C++, and Java | Klocwork | Access problems, buffer overflow, injection flaws, insecure storage, unvalidated input, etc. | 6 July 2005 |
| LAPSE | Java | free | helps audit Java J2EE applications for common types of security vulnerabilities found in Web applications. | 19 Sep 2006 |
| Ounce (accurate-complete-results.html) | C, C++, Java, JSP, ASP.NET, VB.NET, C# | Ounce Labs | coding errors, security vulnerabilities, design flaws, policy violations and offers remediation | 19 Apr 2007 |
| Qualitychecker | VB6 | 10 Euros / file | static analysis tool | 4 Sep 2007 |
| PHP-Sat | PHP | free | static analysis tool, XSS, etc. description (http://ericbouwers.blogspot.com/) | 18 Sep 2006 |
| Pixy | PHP | free | static analysis tool, only detect XSS and SQL Injection | 20 Jun 2007 |
| PMD | Java | free | questionable constructs, dead code, duplicate code | 3 Feb 2006 |
| PolySpace | Ada, C, C++ | PolySpace Technologies | run-time errors, unreachable code | 25 Feb 2005 |
| PREfix and PREfast (http://research.microsoft.com/users/jpincus/icsm.ppt) | C, C++ | Microsoft proprietary | | 10 Feb 2006 |
| Prevent | C, C++ | Coverity | flaws and security vulnerabilities – reduces false positives while minimizing the likelihood of false negatives. | 11 Mar 2005 |
| QA-C, QA-C++, QA-J, QA-FORTRAN, QA-High-Integrity C | C, C++, Java, FORTRAN | Programming Research | out-of-bounds array indexing | 10 Dec 2004 |
| RATS (http://www.securesoftware.com/resources/tools.html) (Rough Auditing Tool for Security) | C | free | potential security risks | 2005 |
| Resource Standard Metrics (RSM) | C, C++, C#, and Java | M Squared Technologies | Scan for 50 readability or portability problems or questionable constructs, e.g. different number of "new" and "delete" key words or an assignment operator (=) in a conditional (if). | 10 Dec 2004 |
| Smatch | C | free | simple scripts look for problems in simplified representation of code. primarily for Linux kernel code | 20 Apr 2006 |
| SCA | ASP.NET, C, C++, C# and other .NET languages, Java, JSP, PL/SQL, T-SQL, VB.NET, XML | Fortify Software | security vulnerabilities, tainted data flow, etc. | 21 Apr 2006 |
| SPARK tool set | SPARK (Ada subset) | Praxis | ambiguous constructs, data- and information-flow errors, any property expressible in first-order logic (Examiner, Simplifier, and SPADE) | 29 Aug 2006 |
| Splint | C | free | security vulnerabilities and coding mistakes. with annotations, it performs stronger checks | 2005 |
| SWAAT | PHP, ASP.NET, JSP | free | SWAAT is an open source web application source code analysis tool | 2007 |
| UNO | C | free | uninitialized variables, null-pointers, and out-of-bounds array indexing and "allows for the specification and checking of a broad range of user-defined properties". aims for a very low false alarm rate. | 3 Feb 2006 |
| Viva64 | C++ | Viva64 | finds problems in porting to 64-bit architecture, e.g. out-of-bounds indexing or arithmetic overflow. | 07 Feb 2007 |
| xg++ (~engler/mc-osdi.pdf) | | | | |

From the "ITPUB Blog", link: http://blog.itpub.net/77544/viewspace-1030721/. If you repost this, please credit the source; otherwise legal liability will be pursued.