Security Compass releases SWAAT - a web application source code auditing tool
Security Compass has announced the release of a free web application static source code analysis tool called the Securitycompass Web Application Analysis Tool or SWAAT. Currently in its beta release, this .Net command-line tool searches through source code for potential vulnerabilities in the following languages:
* Java and JSP
* ASP.Net
* PHP
Using xml-based signature files, it searches for common functions and expression which may lead to exploits. As the tool is still new, the guys at SC would appreciate any comments you have and testers are welcome to submit feedback to swaat@securitycompass.com. L33tdawg: Nish Bhalla who is the founder of Security Compass will also be at HITBSecConf2006 - Malaysia so you can always catch him then :)