[Typo3-dev] FYI: automated security checks
Martin T. Kutschker
Martin.T.Kutschker at blackbox.net
Fri Mar 5 12:28:29 CET 2004
Hi!
I've also been reading a book lately (Secure Coding by Graff/van Wyk).
The authors suggest the use of security tools.
For Typo3 these two may be of interest.
DISCLAIMER: I did not test these tools. I merely point out their
existence. May those who are interested benefit, if they don't know them
already.
Nikto 1.32
Nikto is an Open Source (GPL) web server scanner which performs
comprehensive tests against web servers for multiple items, including
over 2600 potentially dangerous files/CGIs, versions on over 625
servers, and version specific problems on over 230 servers. Scan items
and plugins are frequently updated and can be automatically updated (if
desired).
http://www.cirt.net/code/nikto.shtml
RATS – Rough Auditing Tool for Security 2.1
RATS – Rough Auditing Tool for Security – is an open source tool
developed and maintained by Secure Software security engineers. RATS is
a tool for scanning C, C++, Perl, PHP and Python source code and
flagging common security related programming errors such as buffer
overflows and TOCTOU (Time Of Check, Time Of Use) race conditions.
[...]
RATS is free software. You may copy, distribute, and modify it under the
terms of the GNU Public License.
http://www.securesoftware.com/download_rats.htm
Masi