List of source code auditing software

So I decided to list the tools I have come across over time that I can say with certainty help in most situations, if you have not yet built the habit of testing the security of your software or of the code you write. These tools should serve as a starting point in secure programming for coders and programmers.

Tool name – [ Supported languages ] – Website:

.TEST – [ C#, VB.NET, MC++ ] – http://www.parasoft.com/jsp/products.jsp
ASTRÉE – [ C ] – http://www.astree.ens.fr
Bandera – [ Java ] – http://bandera.projects.cis.ksu.edu/
BLAST – [ C ] – http://mtc.epfl.ch/software-tools/blast/
BOON – [ C ] – http://www.cs.berkeley.edu/~daw/boon/
C Code Analyzer (CCA) – [ C ] – http://www.drugphish.ch/~jonny/cca.html
C++test – [ C++ ] – http://www.parasoft.com/jsp/products.jsp
CCMetrics – [ C#, VB.NET ] – http://www.serviceframework.com/jwss/utility,ccmetrics,utility.aspx
Checkstyle – [ Java ] – http://checkstyle.sourceforge.net/
CodeCenter – [ C ] – http://www.ics.com/products/centerline/codecenter/features.html
CodeScan – [ .ASP, PHP ] – http://www.codescan.com/
CodeSecure – [ PHP, Java ] – http://www.armorize.com/corpweb/en/products/codesecure
CodeSonar – [ C, C++ ] – http://www.grammatech.com/products/codesonar/overview.html
CQual – [ C ] – http://www.cs.umd.edu/~jfoster/cqual
Csur – [ C ] – http://www.lsv.ens-cachan.fr/csur/
Dehydra – [ C++ ] – http://wiki.mozilla.org/Dehydra_GCC
DevInspect – [ C#, Visual Basic, JavaScript, VB Script ] – http://www.spidynamics.com/products/devinspect/
DevPartner SecurityChecker – [ C#, Visual Basic ] – http://www.compuware.com/products/devpartner/securitychecker.htm
DoubleCheck – [ C, C++ ] – http://www.ghs.com/products/doublecheck.html
FindBugs – [ Java ] – http://findbugs.sourceforge.net/
FlawFinder – [ C, C++ ] – http://www.dwheeler.com/flawfinder/
Fluid – [ Java ] – http://www.fluid.cs.cmu.edu/
Frama-C – [ C ] – http://frama-c.cea.fr/
ftnchek – [ FORTRAN ] – http://www.dsm.fordham.edu/~ftnchek/
FxCop – [ .NET ] – http://code.msdn.microsoft.com/codeanalysis
g95-xml – [ FORTRAN ] – http://g95-xml.sourceforge.net/
ITS4 – [ C, C++ ] – http://www.cigital.com/its4/
Jlint – [ Java ] – http://artho.com/jlint/
JsLint – [ JavaScript ] – http://www.jslint.com/
Jtest – [ Java ] – http://www.parasoft.com/jsp/products.jsp
KlocWork / K7 – [ C, C++, Java ] – http://www.klocwork.com/products/k7_security.asp
LAPSE – [ Java ] – http://www.owasp.org/index.php/Category:OWASP_LAPSE_Project
MOPS – [ C ] – http://www.cs.berkeley.edu/~daw/mops/
MSSCASI – [ ASP ] – http://www.microsoft.com/downloads/details.aspx?FamilyId=58A7C46E-A599-4FCB-9AB4-A4334146B6BA&displaylang=en
MZTools – [ VB6, VBA ] – http://www.mztools.com/index.aspx/
Oink – [ C++ ] – http://www.cubewano.org/oink
Ounce – [ C, C++, Java, JSP, ASP.NET, VB.NET, C# ] – http://www.ouncelabs.com/accurate-complete-results.html
Perl-Critic – [ Perl ] – http://search.cpan.org/dist/Perl-Critic/
PLSQLScanner 2008 – [ PLSQL ] – http://www.red-database-security.com/software/plsqlscanner.html
PHP-Sat – [ PHP ] – http://www.program-transformation.org/PHP/PhpSat
Pixy – [ PHP ] – http://pixybox.seclab.tuwien.ac.at/pixy/index.php
PMD – [ Java ] – http://pmd.sourceforge.net/
PolySpace – [ Ada, C, C++ ] – http://www.polyspace.com/products.htm
PREfix & PREfast – [ C, C++ ] – http://support.microsoft.com/vst
Prevent – [ C, C++ ] – http://www.coverity.com/html/coverity-software-quality-products.html
PyChecker – [ Python ] – http://pychecker.sourceforge.net/
pylint – [ Python ] – http://www.logilab.org/project/pylint
QA-C, QA-C++, QA-J – [ C, C++, Java, FORTRAN ] – http://www.programmingresearch.com/PRODUCTS.html
QualityChecker – [ Visual Basic 6 ] – http://d.cr.free.fr/
RATS – [ C, C++, Perl, PHP, Python ] – http://www.fortify.com/security-resources/rats.jsp
RSM – [ C, C++, C#, Java ] – http://msquaredtechnologies.com/m2rsm/
Smatch – [ C ] – http://smatch.sourceforge.net/
SCA – [ ASP.NET, C, C++, C#, Java, JSP, PL/SQL, T-SQL, VB.NET, XML ] – http://www.fortifysoftware.com/products/sca/
Skavenger – [ PHP ] – http://code.google.com/p/skavenger/
smarty-lint – [ PHP ] – http://code.google.com/p/smarty-lint/
soot – [ Java ] – http://www.sable.mcgill.ca/soot/
Source Monitor – [ C#, VB.NET ] – http://www.campwoodsw.com/sm20.html
SPARK – [ Ada ] – http://www.praxis-his.com/sparkada/spark.asp
Spike PHP Security Audit Tool – [ PHP ] – http://developer.spikesource.com/projects/phpsecaudit/
Splint – [ C ] – http://www.splint.org/
SWAAT – [ PHP, ASP.NET, JSP, Java ] – http://www.owasp.org/index.php/Category:OWASP_SWAAT_Project
UNO – [ C ] – http://spinroot.com/uno/
vil – [ C#, VB.NET ] – http://www.1bot.com/
Viva64 – [ C++ ] – http://www.viva64.com/
xg++ – [ C ] – http://www.stanford.edu/~engler/mc-osdi.pdf
YTKScan Java – [ Java ] – http://www.cam.org/~droujav/y2k/Y2KScan.html

Those who want to read more about Source Code Auditing or Secure Coding can take a look at the following links:

https://www.securecoding.cert.org/confluence/display/seccode/CERT+Secure+Coding+Standards
http://insanesecurity.wordpress.com/2007/10/30/source-code-audit-php/
http://www.vanheusden.com/audit.html
http://mixter.void.ru/vulns.html

Thanks ;)

P.S.
If you come across a source code auditing or analysis tool that is not in the list above, you can add it in a comment, in the same style as here: the name of the tool, the languages it supports and its website.

t00t w00t
