Security Analysis tool - Anything for Progress?

Posted by tbergman on 29-Mar-2017 12:52

There's an initiative in our company to mandate use of a tool to provide an analysis of potential security faults as code is being developed and/or checked in.

For .Net, Java and PHP, they have chosen a tool called SecureAssist https://codiscope.com/products/secureassist/

Is there anything similar that supports Progress?

Thanks

All Replies

Posted by Matt Baker on 29-Mar-2017 12:58

For web applications, you can use OWASP ZAP, which is a pen testing tool for web applications. It is agnostic to the technology as it provides a spider/dynamic scan through HTTP.

www.owasp.org/.../OWASP_Zed_Attack_Proxy_Project

This does not perform static code analysis which can reveal other types of flaws.

Posted by Riverside Software on 29-Mar-2017 14:59

I assume your company already evaluated SonarQube ( http://www.sonarqube.org ) which provides checks for Java and PHP (not sure about .Net), and with an excellent integration with code repositories and continuous integration tools.

An OpenEdge plugin for SonarQube is available ( github.com/.../sonar-openedge ), which would allow you to execute coding standards and defect rules (unfortunately no security rules for now), and also to write your own rules if you have specific needs.

Gilles
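To make the "write your own rules" part concrete, here is an added example that is not from this thread and not from the sonar-openedge project. Real rules for that plugin are written in Java against the plugin's own API, which is not shown here; this is a standalone Python stand-in that shows the shape of a custom security rule a team might want for ABL: one rule flags a `QUERY-PREPARE` string built by concatenation without `QUOTER()`, the other flags a `CONNECT` statement that passes a literal password with `-P`. The ABL snippet, the rule names and the messages are all constructed for the example.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    """One rule hit: source line number, rule id and a human-readable message."""
    line: int
    rule: str
    message: str


# Constructed ABL sample (hypothetical code, not from the thread).
# Line 3 hard-codes a password, line 5 concatenates a variable into a
# dynamic query, line 6 shows the safe form using QUOTER().
SAMPLE_ABL = """\
DEFINE VARIABLE cName AS CHARACTER NO-UNDO.
DEFINE VARIABLE hQuery AS HANDLE NO-UNDO.
CONNECT -db sports -U admin -P "s3cret".
CREATE QUERY hQuery.
hQuery:QUERY-PREPARE("FOR EACH Customer WHERE Customer.Name = '" + cName + "'").
hQuery:QUERY-PREPARE("FOR EACH Customer WHERE Customer.Name = " + QUOTER(cName)).
"""

# Rule patterns (hypothetical rule ids chosen for this example).
_QUERY_PREPARE = re.compile(r"QUERY-PREPARE\s*\(", re.IGNORECASE)
_QUOTER = re.compile(r"\bQUOTER\s*\(", re.IGNORECASE)
# A CONNECT whose -P argument is not VALUE(...) is treated as a literal secret.
_CONNECT_LITERAL_PWD = re.compile(r"\bCONNECT\b.*\s-P\s+(?!VALUE\s*\()\S+", re.IGNORECASE)


def check_line(lineno: int, text: str) -> list[Finding]:
    """Apply both rules to a single ABL source line."""
    findings = []
    # Rule 1: dynamic query assembled with '+' and no QUOTER() anywhere on the line.
    if _QUERY_PREPARE.search(text) and "+" in text and not _QUOTER.search(text):
        findings.append(Finding(
            lineno, "dynamic-query-concat",
            "QUERY-PREPARE string is built by concatenation; wrap values in QUOTER()"))
    # Rule 2: password literal passed on the CONNECT statement.
    if _CONNECT_LITERAL_PWD.search(text):
        findings.append(Finding(
            lineno, "hardcoded-credential",
            "CONNECT passes a literal password with -P; load it from a protected source"))
    return findings


def scan(source: str) -> list[Finding]:
    """Run the rules over a whole ABL source file and return findings in line order."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        findings.extend(check_line(lineno, line))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_ABL):
        print(f"line {f.line}: [{f.rule}] {f.message}")
```

Both rules are deliberately line-based regex checks so the example stays self-contained; a rule inside the SonarQube plugin would instead walk the parsed syntax tree, which avoids false positives such as a `+` inside a comment or a `QUOTER()` call on a different line than the concatenation it protects.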
