Security Basics mailing list archives

Re: DOT NET code review

From: "J. Oquendo" <sil () infiltrated net>
Date: Fri, 3 Oct 2008 11:18:25 -0500

On Thu, 02 Oct 2008, Mork wrote:

Hi,

We're doing our Dotnet code review manually. I was wondering if you
guys know a program that would do a first run through the code to
facilitate the job.


FXCop
http://www.microsoft.com/downloads/details.aspx?FamilyID=9aeaa970-f281-4fb0-aba1-d59d7ed09772&displaylang=en

SWAAT
http://www.securitycompass.com/inner_swaat.shtml

Otherwise you can visit NIST's site...
https://samate.nist.gov/index.php/Source_Code_Security_Analyzers



=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, CNDA, CHFI, OSCP

"A good district attorney can indict a ham sandwich
if he wants to ... The accusations harm as much as
the convictions ... they're obviously harmful or it
wouldn't be news.." - John Carter

wget -qO - www.infiltrated.net/sig|perl

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB

Current thread:

DOT NET code review Mork (Oct 03)
- Re: DOT NET code review J. Oquendo (Oct 03)
  - Re: DOT NET code review Lee Fisher (Oct 03)
  - File traces Sumeet Narula (Oct 06)
    - Re: File traces Shreyas Zare (Oct 06)
    - Re: File traces Adam Pal (Oct 06)
    - RE: File traces John Grubb (Oct 06)
    - RE: File traces Tiago 'gouki' Faria (Oct 06)
    - Java Enterprise Safe ?? Mattias Hemmmingsson (Oct 07)
    - Re: Java Enterprise Safe ?? Joe (Oct 09)
    - Re: Java Enterprise Safe ?? Gleb Paharenko (Oct 09)
    - Re: Java Enterprise Safe ?? Adriel Desautels (Oct 14)

(Thread continues...)