Code security testing tools

Tools

Cppcheck (static code analyzer)

code analysis

Cppcheck is a static code analysis tool for C and C++ code. It helps discover bugs that compilers would not pick up, while aiming to avoid false positives.

gauntlt (attack framework for developers)

code analysis

Gauntlt allows you to run different attacks against your code, with the goal of building better software that withstands the biggest threats in existence.

gosec (Golang security checker)

code analysis, safe software development

Gosec is a security tool that performs static code analysis of Golang projects to find security flaws. The scan is performed on the so-called abstract syntax tree (AST). Gosec checks for common flaws that may be present in the selected project.

graudit (static code analysis tool)

code analysis

Analysis of source code helps to find programming flaws, including those that can lead to software vulnerabilities. Graudit helps uncover these by searching through the files to discover possible flaws. The tool supports languages such as ASP, C, Perl, PHP, Python, and others.

Shellharden (linting tool for shell scripts)

code analysis

Shellharden helps to detect flaws in shell scripts that may result in vulnerabilities. While similar to ShellCheck, this tool can also apply the suggested changes to a shell script.

WPSploit (scanner for WP themes and plugins)

code analysis

WPSploit helps developers and penetration testers perform a code audit of WordPress themes and plugins. The tool runs a static code analysis on the source itself to find possible security flaws.

Missing a favorite tool in this list? Share a tool suggestion and we will review it.