What are the top vendors for code analysis for testing Web applications? It seems some vendors are targeted at a single language within the application, not so much the entire Web stack.
There are a number of commercial vendors and open source products that do security source code reviews, and most of the commercial products support a variety of
Web application development
languages and environments. Some prominent examples include
. Each of their tools supports several languages, but you would have to check the vendor's documentation for specific details.
The open source or freely available tools in this space do tend to be more focused on a single language. For example,
do static analysis for Java. They are mostly focused on quality issues, but they also find some security defects. For .NET environments,
from Microsoft checks for quality and security issues.
OWASP Orizon project
is intended to be a cross-language framework for security source code review. It is currently in the early stages, but support for both Java and .NET is planned.
Dig Deeper on Topics Archive