10项最严重的 Web 应用程序安全风险

https://www.owasp.org/images/b/b7/OWASP_Top_10_2017_%E4%B8%AD%E6%96%87%E7%89%88v1.1.pdf

VCG is an automated code security review tool for C++, C#, VB, PHP, Java and PL/SQL which is intended to drastically speed up the code review process by identifying bad/insecure code.

https://sourceforge.net/projects/visualcodegrepp/?source=typ_redirect

Source Code Analysis Tools

https://www.owasp.org/index.php/Source_Code_Analysis_Tools