Byte Code Scanners
From SAMATE
Static Byte Code Scanners are used like Source Code Security Analyzers; however, they detect vulnerabilities in the byte code.
Some Instances
DISCLAIMER: Certain trade names and company products are mentioned in the text or identified. In no case does such identification imply recommendation or endorsement by the National Institute of Standards and Technology (NIST), nor does it imply that the products are necessarily the best available for the purpose.
By selecting almost any of these links, you will be leaving NIST webspace. We provide these links because they may have information of interest to you. No inferences should be drawn because some sites are referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the assertions presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites.
Please contact us if you think something should be included. If it has all the characteristics of the tool, techniques, etc., we will be happy to add it. You can contact us at
.
| Tool | Language(s) | Avail. | CCR | Finds or Checks for | as of |
|---|---|---|---|---|---|
| AspectCheck | Java and .NET applications, including ASP.NET, C#, and VB.NET | Aspect Security proprietary | | security critical calls | 24 Nov 2004 |
| FindBugs™ | Java class files | free | | null pointer dereferences, synchronization errors, vulnerabilities to malicious code, etc. It can be linked to Java source code to highlight the problem in the source. | 23 June 2005 |
| FxCop | .NET managed code assemblies | free | | checks for conformance to the Microsoft .NET Framework Design Guidelines: more than 200 defects in: Library design, Globalization, Naming conventions, Performance, Interoperability and portability, Security, and Usage. | 16 May 2008 |
| Gendarme | .NET Applications | free | | extensible rule-based tool to find problems in .NET applications and libraries. | 30 Oct 2008 |
| Moonwalker | .NET Applications | free | | find deadlocks and assertion violations in .NET programs | 14 Nov 2008 |
| Smokey | .NET or Mono assemblies | | | correctness, design, security, performance and other rules | 13 Nov 2008 |
