Wednesday, June 29, 2016

Best free static code analysis tool similar to HP's Fortify.

Hi,
I have a query regarding static code analysis tools.
I have got a report from HP's Fortify tool, which does static analysis on the source code. It has highlighted vulnerabilities in the following areas:
Security:
- Path Manipulation
- Unreleased Resource: Streams
The source code is not mine; I got it from some other firm.
The challenge is that what HP's Fortify tool scan reported, as mentioned above, does not show up when I scan the same source code with other tools like FindBugs or lint; they are not giving these errors. In fact, they are not showing any issues under security.
It would be good if you guys could suggest any promising free tool for static code analysis that gives a report similar to what HP Fortify gives in terms of security.
Note: I do not have access to HP's Fortify tool, so in order to validate my fixes against the reported issues, I need a similar kind of free tool that can do the job.
I have already visited these forums and checked, but did not find much help.
- MobileSecurityWiki and ashishb->android-security on GitHub
Thanks!


from xda-developers http://ift.tt/291Xxh1
via IFTTT
