All Questions
Tagged with code-review, automated-testing
5 questions
5 votes
6 answers
2k views
Could a computer program be used to automate testing for trapdoors?
Could a computer program given the source or object version of another program be used to automate testing for trapdoors/backdoors?
6 votes
3 answers
1k views
How to rate Open Source Libraries?
Is there some kind of automated scanning tool which detects threats in Open Source Java Libraries? I think the OWASP Orizon project tried to build such a tool, but it seems to be inactive for years ...
8 votes
6 answers
8k views
Fortify360 - Sinks & Sources - Vulnerability count
In an application security environment, I use Fortify Software's Fortify360 on a daily basis. One of my biggest hurdles is explaining the numbers (sources vs sinks) Fortify flags each location in ...
8 votes
4 answers
1k views
Benefits of secure code review in-IDE vs. fatapp vs. webapp
For those of you who have worked with commercial secure code review tools such as: Klocwork Coverity Armorize Fortify Checkmarx Appscan Source Edition (formerly Ounce) Or perhaps a free or open-source ...
19 votes
6 answers
6k views
Automated tools vs. Manual reviews
What are the advantages of using automated tools, as opposed to manual review? What are the disadvantages? This applies both to external blackbox vulnerability scanning, and to static code analysis. ...