
Zaqar/bp/havana/security-testing

Revision as of 09:33, 26 August 2013 by Thomas Biege (talk | contribs)

Code Scanning

Jenkins can run a source-code scanner after every code submission, or on a schedule, to catch simple vulnerabilities early, before review. Only freely available scanners are an option for the project; candidates that still need to be evaluated are:

  1. rats, the Rough Auditing Tool for Security (C, C++, Perl, PHP, Python)
  2. pylint quality checker (Python; a general code-quality linter, not a security scanner)
  3. PyChecker code checker (Python, last release 2011)
  4. FindBugs (Java)
  5. Yasca, a meta-tool that drives existing scanners and aggregates their results (also supports Python)
  6. brakeman, a security scanner for Rails applications with good Jenkins integration (Ruby on Rails)
  7. more tools are listed at Wikipedia
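As an added example of how such a Jenkins step could look (this is illustration written for this page, not Zaqar project code), the script below runs two of the free scanners named above, pylint and rats, over the checked-out tree, normalises their text output into one list of findings and exits non-zero when the findings exceed a threshold, which is what makes Jenkins mark the build as failed. The pylint "parseable" output format, the rats "path:line: Severity: text" output format, the command-line flags, and the `zaqar` package directory name are assumptions that must be verified against the installed tool versions; the sample scanner output embedded in the script is constructed so that the parsers can be exercised without the tools installed.

```python
#!/usr/bin/env python
"""Jenkins build-gate step: scan the tree with pylint and rats, fail on findings.

Added example for this page, not Zaqar project code.  Output formats and
flags below are assumptions; verify them against the installed versions.
"""
import re
import subprocess
import sys

# pylint -f parseable (assumed format):
#   path:line: [E1101(no-member), Foo.bar] Instance of 'X' has no 'y' member
PYLINT_RE = re.compile(r'^(?P<path>[^:\s]+):(?P<line>\d+): \[(?P<id>[CRWEF]\d+)')
# rats text output (assumed format):
#   path:line: High: system
RATS_RE = re.compile(
    r'^(?P<path>[^:\s]+):(?P<line>\d+): (?P<sev>High|Medium|Low): (?P<what>.+)$')

# pylint message categories mapped onto rats-style severities for the gate
PYLINT_SEVERITY = {'E': 'High', 'F': 'High', 'W': 'Medium', 'R': 'Low', 'C': 'Low'}

# Constructed sample output in the assumed formats (not real scanner runs).
SAMPLE_PYLINT = """\
zaqar/transport/wsgi/app.py:40: [W0611(unused-import), ] Unused import json
zaqar/storage/sqlite.py:88: [E1101(no-member), Driver.get] Instance of 'Driver' has no 'db' member
No config file found, using default configuration
"""
SAMPLE_RATS = """\
Entries in python database: 62
Analyzing zaqar/cmd/server.py
zaqar/cmd/server.py:17: High: system
  Argument 1 to this function call should be checked to ensure that it does
  not come from an untrusted source.
Total lines analyzed: 1
"""


def parse_pylint(output):
    """Turn pylint parseable output into (path, line, severity, msg_id) tuples."""
    findings = []
    for line in output.splitlines():
        m = PYLINT_RE.match(line)
        if m:
            msg_id = m.group('id')
            findings.append((m.group('path'), int(m.group('line')),
                             PYLINT_SEVERITY[msg_id[0]], msg_id))
    return findings


def parse_rats(output):
    """Turn rats text output into (path, line, severity, what) tuples.
    The indented explanation rats prints after each hit does not match and is skipped."""
    findings = []
    for line in output.splitlines():
        m = RATS_RE.match(line)
        if m:
            findings.append((m.group('path'), int(m.group('line')),
                             m.group('sev'), m.group('what').strip()))
    return findings


def run_scanner(cmd):
    """Run one scanner and return its stdout as text.  A scanner that is not
    installed yields no findings instead of aborting the step, so one missing
    tool does not hide the results of the others."""
    try:
        proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    except OSError as exc:
        sys.stderr.write('skipping %s: %s\n' % (cmd[0], exc))
        return ''
    out, _ = proc.communicate()   # scanners exit non-zero on findings; ignore the code
    return out.decode('utf-8', 'replace')


def gate(findings, max_high=0, max_medium=10):
    """Decide the build result: fail on any High finding, or on more Medium
    findings than the project tolerates.  Returns (ok, counts)."""
    counts = {'High': 0, 'Medium': 0, 'Low': 0}
    for _path, _line, severity, _what in findings:
        counts[severity] += 1
    ok = counts['High'] <= max_high and counts['Medium'] <= max_medium
    return ok, counts


def scan(paths):
    """Run both scanners over paths and return the merged finding list."""
    findings = parse_pylint(run_scanner(['pylint', '-f', 'parseable', '-rn'] + paths))
    findings += parse_rats(run_scanner(['rats', '--quiet'] + paths))
    return findings


def sample_findings():
    """Findings parsed from the constructed samples (for offline checks)."""
    return parse_pylint(SAMPLE_PYLINT) + parse_rats(SAMPLE_RATS)


def main(argv):
    if argv[1:] == ['--demo']:
        findings = sample_findings()
    else:
        findings = scan(argv[1:] or ['zaqar'])   # assumed package directory
    for path, line, severity, what in sorted(findings):
        print('%s:%d: %s: %s' % (path, line, severity, what))
    ok, counts = gate(findings)
    print('summary: %s' % counts)
    return 0 if ok else 1                        # non-zero exit fails the Jenkins build


if __name__ == '__main__':
    sys.exit(main(sys.argv))
```

In a Jenkins freestyle job this would be the body of an "Execute shell" build step (`python tools/scan_gate.py zaqar`, with the script name being an assumption), and the thresholds in `gate()` are the knob to tighten as the baseline of known findings is worked down; starting with `max_high=0` on a tree that already has High findings would simply fail every build, so the first run should be used to set the baseline.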

Setup/Design

Deployment Scanning

Setup/Design

References

Resources

  1. Gauntlt
  2. OWASP test-suite
  3. rats (Rough Auditing Tool for Security): https://code.google.com/p/rough-auditing-tool-for-security/
  4. OWASP Yasca project: https://www.owasp.org/index.php/Category:OWASP_Yasca_Project