黑盒白盒测试工具

http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis

C/C++

1、flawfinder

http://www.dwheeler.com/flawfinder/

2、Bunny the Fuzzer (fuzzer function)

http://code.google.com/p/bunny-the-fuzzer/wiki/BunnyDoc

3、rats

http://www.fortify.com/security-resources/rats.jsp



JAVA/JSP

1、findbugs

http://findbugs.sourceforge.net/

2、LAPSE (Eclipse plugin)

http://suif.stanford.edu/~livshits/work/lapse/


PHP

1、Pixy

http://pixybox.seclab.tuwien.ac.at/pixy/


2、swaat

http://www.securitycompass.com/swaat/

Addison Wesley - Secure Programming with Static Analysis - 2007.pdf

Art.of.Software.Security.Assessment.chm

 

给出两款我们用的比较多的java源代码
检查工具:findbugs和 checkstyle

 

Php Code Audits的方向

下面是一个Source Code Auditing tools的一个list[转于网络]

Name - [ language/s supported ] - web link:
.TEST - [ C#, VB.NET, MC++ ] - http://www.parasoft.com/jsp/products.jsp
ASTRéE - [ C ] - http://www.astree.ens.fr
Bandera - [ Java ] - http://bandera.projects.cis.ksu.edu/
BLAST - [ C ] - http://mtc.epfl.ch/software-tools/blast/
BOON - [ C ] - http://www.cs.berkeley.edu/~daw/boon/
C Code Analyzer (CCA) - [ C ] - http://www.drugphish.ch/~jonny/cca.html
C++test - [ C++ ] - http://www.parasoft.com/jsp/products.jsp
CCMetrics - [ C#, VB.NET ] - http://www.serviceframework.com/jwss/utility,ccmetrics,utility.aspx
Checkstyle - [ Java ] - http://checkstyle.sourceforge.net/
CodeCenter - [ C ] - http://www.ics.com/products/centerline/codecenter/features.html
CodeScan - [ .ASP, PHP ] - http://www.codescan.com/
CodeSecure - [ PHP, Java ] - http://www.armorize.com/corpweb/en/products/codesecure
CodeSonar - [ C, C++ ] - http://www.grammatech.com/products/codesonar/overview.html
CQual - [ C ] - http://www.cs.umd.edu/~jfoster/cqual
Csur - [ C ] - http://www.lsv.ens-cachan.fr/csur/
Dehydra - [ C++ ] - http://wiki.mozilla.org/Dehydra_GCC
DevInspect - [ C#, Visual Basic, JavaScript, VB Script] - http://www.spidynamics.com/products/devinspect/
DevPartner SecurityChecker - [ C#, Visual Basic ] - http://www.compuware.com/products/devpartner/securitychecker.htm
DoubleCheck - [ C, C++ ] - http://www.ghs.com/products/doublecheck.html
FindBugs - [ Java ] - http://findbugs.sourceforge.net/
FlawFinder - [ C, C++ ] - http://www.dwheeler.com/flawfinder/
Fluid - [ Java ] - http://www.fluid.cs.cmu.edu/
Frama-C - [ C ] - http://frama-c.cea.fr/
ftnchek - [ FORTRAN ] - http://www.dsm.fordham.edu/~ftnchek/
FxCop - [ .NET ] - http://code.msdn.microsoft.com/codeanalysis
g95-xml - [ FORTRAN ] - http://g95-xml.sourceforge.net/
ITS4 - [ C, C++ ] - http://www.cigital.com/its4/
Jlint - [ Java ] - http://artho.com/jlint/
JsLint - [ JavaScript ] - http://www.jslint.com/
Jtest - [ Java ] - http://www.parasoft.com/jsp/products.jsp
KlocWork / K7 - [ C, C++, Java ] - http://www.klocwork.com/products/k7_security.asp
LAPSE - [ Java ] - http://www.owasp.org/index.php/Category:OWASP_LAPSE_Project
MOPS - [ C ] - http://www.cs.berkeley.edu/~daw/mops/
MSSCASI - [ ASP ] - http://www.microsoft.com/downloads/details.aspx?FamilyId=58A7C46E-A599-4FCB-9AB4-A4334146B6BA&displaylang=en
MZTools - [ VB6, VBA ] - http://www.mztools.com/index.aspx/
Oink - [ C++ ] - http://www.cubewano.org/oink
Ounce - [ C, C++, Java, JSP, ASP.NET, VB.NET, C# ] - http://www.ouncelabs.com/accurate-complete-results.html
Perl-Critic - [ Perl ] - http://search.cpan.org/dist/Perl-Critic/
PLSQLScanner 2008 - [ PLSQL ] - http://www.red-database-security.com/software/plsqlscanner.html
PHP-Sat - [ PHP ] - http://www.program-transformation.org/PHP/PhpSat
Pixy - [ PHP ] - http://pixybox.seclab.tuwien.ac.at/pixy/index.php
PMD - [ Java ] - http://pmd.sourceforge.net/
PolySpace - [ Ada, C, C++ ] - http://www.polyspace.com/products.htm
PREfix & PREfast - [ C, C++ ] - http://support.microsoft.com/vst
Prevent - [ C, C++ ] - http://www.coverity.com/html/coverity-software-quality-products.html
PyChecker - [ Python ] - http://pychecker.sourceforge.net/
pylint - [ Python ] - http://www.logilab.org/project/pylint
QA-C, QA-C++, QA-J - [ C, C++, Java, FORTRAN ] - http://www.programmingresearch.com/PRODUCTS.html
QualityChecker - [ Visual Basic 6 ] - http://d.cr.free.fr/
RATS - [ C, C++, Perl, PHP, Python ] - http://www.fortify.com/security-resources/rats.jsp
RSM - [ C, C++, C#, Java ] - http://msquaredtechnologies.com/m2rsm/
Smatch - [ C ] - http://smatch.sourceforge.net/
SCA - [ ASP.NET, C, C++, C#, Java, JSP, PL/SQL, T-SQL, VB.NET, XML ] - http://www.fortifysoftware.com/products/sca/
Skavenger - [ PHP ] - http://code.google.com/p/skavenger/
smarty-lint - [ PHP ] - http://code.google.com/p/smarty-lint/
soot - [ Java ] - http://www.sable.mcgill.ca/soot/
Source Monitor - [ C#, VB.NET ] - http://www.campwoodsw.com/sm20.html
SPARK - [ Ada ] - http://www.praxis-his.com/sparkada/spark.asp
Spike PHP Security Audit Tool - [ PHP ] - http://developer.spikesource.com/projects/phpsecaudit/
Splint - [ C ] - http://www.splint.org/
SWAAT - [ PHP, ASP.NET, JSP, Java ] - http://www.owasp.org/index.php/Category:OWASP_SWAAT_Project
UNO - [ C ] - http://spinroot.com/uno/">
vil - [ C#, VB.NET ] - http://www.1bot.com/
Viva64 - [ C++ ] - http://www.viva64.com/
xg++ - [ C ] - http://www.stanford.edu/~engler/mc-osdi.pdf
YTKScan Java - [ Java ] - http://www.cam.org/~droujav/y2k/Y2KScan.html

支持php的有:

CodeScan - [ .ASP, PHP ] - http://www.codescan.com/
CodeSecure - [ PHP, Java ] - http://www.armorize.com/corpweb/en/products/codesecure
PHP-Sat - [ PHP ] - http://www.program-transformation.org/PHP/PhpSat
Pixy - [ PHP ] - http://pixybox.seclab.tuwien.ac.at/pixy/index.php
RATS - [ C, C++, Perl, PHP, Python ] - http://www.fortify.com/security-resources/rats.jsp
Skavenger - [ PHP ] - http://code.google.com/p/skavenger/
smarty-lint - [ PHP ] - http://code.google.com/p/smarty-lint/
Spike PHP Security Audit Tool - [ PHP ] - http://developer.spikesource.com/projects/phpsecaudit/
SWAAT - [ PHP, ASP.NET, JSP, Java ] - http://www.owasp.org/index.php/Category:OWASP_SWAAT_Project

另外还有一个Fortify - http://www.fortifysoftware.com [如果还有,请帮忙补充]

目前就php的Source Code Auditing tool基本都是静态分析的,而Source Code Auditing一直围绕着2个元素:变量和函数.也就是说这些tools不管是php开发的还是java开发的,也不管是不是基于php原代码的,他本身都对一些危险的函数和变量都对应的一个'字典'[特征字符串],这些tools都是通过查找这些字典,然后跟踪变量来分析代码.

但是随着程序员安全意识的提高,很多的程序员也知道了这些'字典'了,都有对应的过滤,所以那些传统的问题,很找在大型程序里出现了.所以只有通过扩大我们的字典才有更多的机会去找到应用程序的漏洞.我们的途径有:

    * 分析和学习别人发现的漏洞或者exp,如大牛Stefan Esser发现的那些问题,rgod等以前发的那些exp
    * 通过学习php手册或者官方文档了解php 一些函数的'特性'
    * fuzz php的函数,找到新的有问题的函数[不一定非要溢出的]
    * 分析php源代码,发现新的漏洞函数'特性'或者漏洞
    * 有条件或者机会和开发者学习,找到他们实现某些常用功能的代码的缺陷或者容易忽视的问题
     * 你有什么要补充的吗? :)

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值