Software Security Assessment Tool Review

The OWASP Software Security Assessment and Testing Tools Profiles Project will create a Wiki of current, directly comparable, unbiased information about commercial and open source Software Security Assessment and Testing Tools. Tool descriptions and evaluations exist elsewhere online and offline, e.g., Wikipedia and the NIST SAMATE portal, including the 2008 Naval Ordnance Safety & Security Activity Software Security Assessment Tools Review on the SAMATE portal. On Wikipedia, the quantity and quality of information varies widely due to lack of a standard template for capturing tool information. Government sources are often obsolete by the time they are published, and are seldom updated. Other sources provide different types of information, which is often biased. The OWASP tools Profiles differ from other sources by providing a standard set of information about each tool, allowing for direct comparisons between tools. The initial Profiles are wiki versions of the NOSSA tool descriptions, which we recognize are outdated. The wiki format enables the tool's developer, users, and other stakeholders to easily review and revise/update the information, and the Profile template also includes a field for adding non-standard information. A blank Profile wiki template is also provided for creating new tool Profiles. The tool Profiles will also be updated to add information from SAMATE's source code analyzer descriptions, with the Profile template expanded with new information categories if necessary. The wiki format will also allow for future expansion of the Project to cover other types of software/application security tools.

SAMATE Source Code Analyzers Page http://samate.nist.gov/index.php/Source_Code_Security_Analyzers.html SSATR Template use this template to add another tool