
Security Basics mailing list archives
RE: Testing Application vulnerability tools
From: "David Bonvillain" <DBonvillain () accuvant com>
Date: Mon, 19 Feb 2007 11:43:52 -0700

As for checking the front end and platform you can use Nikto, Paros and obviously Nessus, but those likely won't find tons of unique holes in the app.

As for the code, .Net unfortunately doesn't receive a lot of open source love, but you can try fxcop.

http://www.gotdotnet.com/Team/FxCop/

It's a code analysis tool for the .NET framework. I wouldn't say it's phenomenal by any means, but it's better than nothing. It will only find the most ridiculous glaring holes and not very well at that. Keep in mind this tool is very primitive.

http://samate.nist.gov/index.php/Source_Code_Security_Analyzers

Some free CR tools...

Also, you could try a demo license of DevInspect from SPI Dynamics.

-- db

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of WALI
Sent: Saturday, February 17, 2007 11:22 AM
To: security-basics () securityfocus com
Subject: Testing Application vulnerability tools

I have a team of software developers involved in writing code for an HR management application. They have put the first module, payroll, online, but every day we get reports of users getting access to areas they shouldn't. The software team is involved in continuous debugging and patching.

Is there a tool I can use to do software code review (.NET)? I know it's also a design issue, but there should be a way I can at least check the front end (http) interface for common vulnerabilities?