Category: Code Auditing

Code Crawler v2.4 Beta - OWASP Code Review Tool

A tool aimed at assisting code review practitioners. It is a static code review tool that searches for key topics within .NET and J2EE/Java code. The aim of the tool is to accompany the OWASP Code Review Guide and to implement a total code review solution for "everyone".

Graudit source code scanner v1.2 updated

Graudit is a simple script with signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS and flawfinder while keeping the technical requirements to a minimum and being very flexible.

Dranzer v1.9.1 - Testing ActiveX Controls

CERT developed this open source tool so that software developers can test ActiveX controls for vulnerabilities before the software is released to the public.

FindBugs Java Code Analyzer updated to 1.3.9

FindBugs™ is a program to find bugs in Java programs. It looks for instances of "bug patterns": code instances that are likely to be errors.

Graudit source code scanner v1.1 released

Graudit is a simple script with signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS and flawfinder while keeping the technical requirements to a minimum and being very flexible.

PVS-Studio v3.10 the code analyzer released

PVS-Studio is a project by the Russian company "Program Verification Systems" designed to help developers master modern programming techniques. PVS-Studio is a static source code analyzer that diagnoses errors and mistakes introduced when adapting application code to 64-bit and multi-core systems.

Findbugs v1.3.9-rc1 released

FindBugs™ is a program to find bugs in Java programs. It looks for instances of "bug patterns": code instances that are likely to be errors.

Findbugs v1.3.9-dev-20090604 released

FindBugs™ is a program to find bugs in Java programs. It looks for instances of "bug patterns": code instances that are likely to be errors.

CWE/SANS Top 25 Most Dangerous Programming Errors

The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most significant programming errors that can lead to serious software vulnerabilities. They occur frequently, are often easy to find, and are easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.

Findbugs 1.3.7 released

FindBugs™ is a program to find bugs in Java programs. It looks for instances of "bug patterns": code instances that are likely to be errors.

Ratproxy 1.53b released

Ratproxy is a semi-automated, largely passive web application security audit tool, optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.

Findbugs Java Code Analyzer updated to 1.3.4

FindBugs™ is a program to find bugs in Java programs. It looks for instances of "bug patterns": code instances that are likely to be errors.

Findbugs Java Code Analyzer updated to 1.3.3

FindBugs™ is a program to find bugs in Java programs. It looks for instances of "bug patterns": code instances that are likely to be errors.

Findbugs Java Code Analyzer updated to 1.3.3-rc1

FindBugs uses static analysis to look for bugs in Java code. It is free software, distributed under the terms of the Lesser GNU Public License. The name FindBugs™ and the FindBugs logo are trademarked by The University of Maryland. FindBugs is sponsored by Fortify Software and SureLogic.

Findbugs Java Code Analyzer updated to 1.3.2

FindBugs uses static analysis to look for bugs in Java code. It is free software, distributed under the terms of the Lesser GNU Public License. The name FindBugs™ and the FindBugs logo are trademarked by The University of Maryland. FindBugs is sponsored by Fortify Software and SureLogic.

Findbugs Java code analyzer updated to 1.3.1

FindBugs uses static analysis to look for bugs in Java code. It is free software, distributed under the terms of the Lesser GNU Public License. The name FindBugs™ and the FindBugs logo are trademarked by The University of Maryland. FindBugs is sponsored by Fortify Software and SureLogic.

SCARE - The Source Code Analysis Risk Evaluation just released

The Source Code Analysis Risk Evaluation project is a study to create a security complexity metric that will analyze source code and provide a realistic and factual representation of the potential of that source code to create a problematic binary.

[Newly added] AppCodeScan for code auditing Beta release

AppCodeScan is a tiny tool designed to help with whitebox testing. During whitebox testing one needs to scan the complete application code for many different vulnerabilities such as XSS, SQL injection, poor validation, etc. This tool makes it possible to discover these vulnerable points, and one can then walk the code base to trace each vulnerability.

FindBugs - Java code source analyzer - version 1.2.1

FindBugs uses static analysis to look for bugs in Java code. It is free software, distributed under the terms of the Lesser GNU Public License. The name FindBugs™ and the FindBugs logo are trademarked by The University of Maryland. FindBugs is sponsored by Fortify Software and SureLogic.

Pixy Code Scanner for PHP Applications updated to 3.03

Pixy is an open-source vulnerability scanner that identifies SQL injection and XSS problems in PHP applications.