[ajug-members] Delphi Pascal code analysis
Dean H. Saxe
dean at fullfrontalnerdity.com
Thu Jan 24 08:37:16 EST 2008
Good luck with that. Let me know if you find anything. Check the
following:
www.fortify.com
www.ouncelabs.com
www.klockwork.com
Also, check out Veracode. They are not doing static analysis, but
binary analysis. I have no ties to any of these companies, though I
often use Fortify with very good results.
-dhs
Dean H. Saxe, CISSP, CEH
dean at fullfrontalnerdity.com
"What is objectionable, what is dangerous about extremists is not that
they are extreme, but that they are intolerant."
-- Robert F. Kennedy, 1964
On Jan 24, 2008, at 8:18 AM, <Gordon.Colburn at AmericanSystems.com> wrote:
> Dean,
>
>
>
> I agree that a manual inspection is needed for the reason you
> mention. If I can find a good static analyzer, I would like to use
> it in addition to the manual inspection.
>
>
>
> Regards,
>
> Gordon
>
> From: Dean H. Saxe [mailto:dean at fullfrontalnerdity.com]
> Sent: Wednesday, January 23, 2008 10:31 AM
> To: ajug-members at ajug.org
> Subject: Re: [ajug-members] Delphi Pascal code analysis
>
>
>
> I'm not aware of any static analysis tools that handle Delphi
> Pascal. I think you may have to approach this via manual
> techniques, which is part and parcel of this kind of review anyway
> since static analysis won't identify flaws (architectural issues)
> only bugs (i.e. developer made a poor choice of APIs to use).
>
>
>
> -dhs
>
>
>
>
>
> Dean H. Saxe, CISSP, CEH
>
> dean at fullfrontalnerdity.com
>
> "Free speech exercised both individually and through a free press,
> is a necessity in any country where people are themselves free."
>
> -- Theodore Roosevelt, 1918
>
>
>
>
>
> On Jan 23, 2008, at 10:07 AM, <Gordon.Colburn at AmericanSystems.com> wrote:
>
>
>
>
> Sorry in advance about the slightly off-topic post.
>
>
>
> I am starting a project that will involve reviewing several bodies
> of Delphi Pascal source code, to assess code quality, security and
> architectural soundness. If anyone has suggestions regarding static
> source code analysis tools, reverse engineering tools or techniques
> for manual code inspections of Delphi Pascal source code, please
> contact me at:
>
>
>
> gordon.colburn at AmericanSystems.com
>
>
>
> or via this forum.
>
>
>
> Thanks,
>
> Gordon