Q

Top tools for testing Web application security

When it comes to testing Web applications for security, the prominent commercial tools support a variety of languages while open source tools tend to be limited.

What are the top vendors for code analysis for testing Web applications? It seems some vendors are targeted at a single language within the application, not so much the entire Web stack.
More about Web application security tools:
Open source application security testing tools

What to look for in a Web application security testing tool

Free Web application security testing tools you need to get to know
There are a number of commercial vendors and open source products that do security source code reviews, and most of the commercial products support a variety of Web application development languages and environments. Some prominent examples include Coverity, Fortify Software, Klocwork, and Ounce Labs. Each of their tools supports several languages, but you would have to check the vendor's documentation for specific details.

The open source or freely available tools in this space do tend to be more focused on a single language. For example, FindBugs and PMD do static analysis for Java. They are mostly focused on quality issues, but they also find some security defects. For .NET environments, FxCop from Microsoft checks for quality and security issues.

The OWASP Orizon project is intended to be a cross-language framework for security source code review. It is currently in the early stages, but support for both Java and .NET is planned.

This was first published in November 2008

Dig deeper on Software Security Testing Tools

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSOA

TheServerSide

SearchCloudApplications

SearchAWS

SearchBusinessAnalytics

SearchFinancialApplications

SearchHealthIT

Close