Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 8 years ago.
Improve this question
I have been using PMD and Findbug for my application but fortify managed to detect some of the security vulnerabilities in my application. I am wondering if there is other open-source software that does the similar job as Fortify?
If your focus is on security, you could benefit from additional security rules. Find Security Bugs is a set of detectors for FindBugs.
Disclaimer : I'm the author of the tool mention
Here is an exhaustive list of static analyzers maintained by the nist : http://samate.nist.gov/index.php/Source_Code_Security_Analyzers.html
Sonar is pretty similar to Fortify. However, it focuses more on code quality/metrics rather than security. There is some overlap in informational. Additionally, there are plugins for Sonar such as Security Rules that allow you to add more security metrics.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 2 years ago.
Improve this question
I am relatively new and unfamiliar with the concept of SCA and vulnerability scans and I've just heard about Veracode and want to venture into more options that are available which share some ( or have some additional functionality ) to Veracode.
Thanks!
Veracode provides us with three kinds of scans, namely:
Static Scans (SAST) - requires source code and integrated into SLDC
at an early stage
Dynamic Scans (DAST) - requires running instance
and integrated towards the end of SLDC
Manual PenTest
SCA - part of SAST, checks for vulnerabilities in libraries you are using for your project
For more information on the difference between SAST and DAST: https://www.synopsys.com/blogs/software-security/sast-vs-dast-difference/
After researching for a while CheckMarx can be used as an alternative SAST solution to Veracode and it offers SCA just like Veracode too
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
How could we test our node.js webserver for security issues?
There are good software like Acunetix which can do a pretty well job. Basically it tests common hacking technics like sql injection and cross scripting, then generating a report of the issues if there are any. But is quite expensive.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
I think "Office lens" is quiet a useful tool that turns photos into documents. After that, the documents can be used as input for many other applications. So, I think the release of Office Lens's API will motivate quite a large number of wonderful apps.
Looking forward...
The Office Lens app has been available on the Windows Phone platform for a while now and recently was made available on iOS as well as Android (Beta). http://blogs.office.com/2015/04/02/office-lens-comes-to-iphone-and-android/
Please give it a try.
Since the question specifically talked about creating documents programatically, the Word ObjectModel can be directly used (https://msdn.microsoft.com/en-us/library/office/ff597928.aspx) to achieve the desired result.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
Improve this question
Can someone point me to a tutorial or API resource for Autonomy IDOL search?
Thanks.
Also, the API is pretty well documented if you go to the following URL -
http://[autonomy_url]?action=help
Do you have access to an automater acount?
The knowledge base section contains some examples.
If you are using the JAVA API there are JAVADOC with some examples
The COM API contains sample code.
There are three main sources I tend to use, for almost any IDOL Server work: the built in help, the IDOL Server Administration guide and the support site.
Experimentation can be worthwhile, once you have some familiarity with the system.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
Improve this question
While the built-in analytics of MOSS2007 are nice to have - they are inadequate at the same time. Any ideas where I can look for a more comprehensive package? Am I missing something?
Thanks,
Carl
Take a look at Nintex Reporting. We just bought it and it seems like a nice enhancement on top of the out of the box usage reporting. They seem to do everything "right" from a supportability point of view too, so you don't have a tool in there monkeying directly with your content databases.
I've also heard claims from our Webtrends rep that they have some SharePoint-specific capabilities, if that's a product suite you already happen to use.
If you're looking for Usage reporting, you could surf over to http://www.intlock.com/ and look into CardioLog too.