PFCLCode - Tool to Review PL/SQL for Security Issues
PeteFinnigan.com Limited have developed a static source code analyser for PL/SQL. Its primary function is to scan and review your PL/SQL source code. It connects to the database, extracts your PL/SQL packages, procedures, functions and types, and then analyses them. We start in the database because PL/SQL is a database language and does not run in isolation from the database. We also need to assess how and where your PL/SQL code is deployed. The analyser focuses on dangerous syntax and can detect issues such as SQL Injection, but it can also report incorrect use of dangerous resources or incorrect management of resources. PFCLCode can also address permissions and design decisions made when the code is deployed to the database.
PFCLCode is Windows-based software and can be used by a developer, a tester or a security analyst to review source code already deployed to a database. It needs to connect to a development or test database, or even production, to analyse the PL/SQL source code.
We are pre-release at this stage but if you would like to know more we will be happy to discuss the product with you. See below for contact details.
Like to Purchase? More Details? Want To Partner?
Please email email@example.com to enquire about the product. PFCLCode can also be used as part of a consulting engagement with PeteFinnigan.com, where we can assess your deployed PL/SQL for you as part of a source code analysis engagement. Alternatively, you can purchase a license for PFCLCode from us. Please email for details.