RE: Testing Application vulnerability tools

[<rvasilabs () rvasi com>]

I would recommend taking a good look at what OUNCE Labs offers
(http://www.ouncelabs.com/software-security-solution.html) when it comes to
application security source code analysis. I would also recommend looking at
the front-end with WebInspect (http://www.spidynamics.com/), Paros
(http://www.parosproxy.org/index.shtml), several other App/system security
testing tools, and conducting business rule and best practice checks as
well.  

Of course you could always give us a call...(very shameless plug):)

Cheers,

Carl Davis, C|EH, CISSP, MCSE, CCSA
Ethical Hacking Team Lead
RVASI - Ethical Hacking Solutions
Office: 402.350.8752
Fax: 402.614.5494
Site: www.rvasi.com
Forum: www.rvasi.com/forum
Group: http://groups.google.com/group/CorporateInfoSec
   
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of WALI
Sent: Saturday, February 17, 2007 12:22 PM
To: security-basics () securityfocus com
Subject: Testing Application vulnerability tools


I have a team of software developers involved in writing code for HR 
management application. They have put the first module payroll online but 
everyday, we get reports of users getting access to areas they shouldn't. 
The software team is involved in continues debugging and patching.

Is there a tool I can use to do software code review (.NET)

I know it's also design issue but there should be a way I can at least 
check the front end (http) interface for common vulnerabilities?