These would be a good compliment to the general security code analysis in Team Developer won't detect denial of service attacks and other more advanced security vunerabilities from the any GUI buffer so I've complied a list of tools that will...

 

http://www.coverity.com/html/prevent-for-c-c++.html
http://www.fortify.com/products/
http://www.ouncelabs.com/resources/code-analysis-faq.asp
http://www.spydynamics.com/

 

These tools protect applications (also discussed in Michael Howard’s book) from things like the following:

 

  • Unvalidated sources of input
    Use of unvalidated input
    Unvalidated output streams

 

Design flaws consist of insecure implementation of security mechanisms, and they include:

 

  • Flawed authorization and access control
    Flawed authorization and session management
    Native code and buffer overflows
    Dynamic code
    Weak encryption
    Application configuration
    Denial of service
    Network communications
    Unsupported application interfaces
    Improper administrative and exception handling