finding security holes

Discussion in 'ASP .Net' started by Keith G Hicks, Sep 6, 2008.

  1. Does anyone know of any good software out there that can be used for testing
    websites for security holes such (but not only) as sql injection? I know MS
    has a tool for asp that can find sql injection problems but I could not get
    it to work on my asp.net project. And I'm looking for something a bit more
    complete.

    Thanks,

    Keith
     
    Keith G Hicks, Sep 6, 2008
    #1
    1. Advertising

  2. One free tool is TAM (Threat Analysis and Modeling Tool) -
    http://www.microsoft.com/downloads/...78-9DAF-4E96-B7D1-944703479451&displaylang=en

    There is an Enterprise version of this tool. This is the lite version.

    Microsoft also has another tool called SPIDER. I am not sure how to get this
    tool, however.

    There are numerous code profilers out there that you can use. Most are
    focused on performance, however. Compuware does have a security checker,
    which I believe is part of DevPartner Studio.

    Another direction to go is one of the code checkers. Some, like Code It
    Right, have security rules built in. The same is true of free tools like Fx
    Cop.
    http://www.microsoft.com/downloads/...70-f281-4fb0-aba1-d59d7ed09772&DisplayLang=en

    For a more hands on approach, Microsoft has a patterns tool called Guidance
    Explorer (http://www.codeplex.com/guidanceExplorer). This is not a tool that
    necessarily finds bad code, however, it is more a tool that gives you
    guidance, so it is not precisely what you are looking at.

    Hope this helps!

    --
    Gregory A. Beamer
    MVP, MCP: +I, SE, SD, DBA

    Subscribe to my blog
    http://feeds.feedburner.com/GregoryBeamer#

    or just read it:
    http://feeds.feedburner.com/GregoryBeamer

    ********************************************
    | Think outside the box! |
    ********************************************
    "Keith G Hicks" <> wrote in message
    news:...
    > Does anyone know of any good software out there that can be used for
    > testing
    > websites for security holes such (but not only) as sql injection? I know
    > MS
    > has a tool for asp that can find sql injection problems but I could not
    > get
    > it to work on my asp.net project. And I'm looking for something a bit more
    > complete.
    >
    > Thanks,
    >
    > Keith
    >
    >
     
    Cowboy \(Gregory A. Beamer\), Sep 6, 2008
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Neal Becker

    Re:How security holes happen

    Neal Becker, Mar 3, 2014, in forum: Python
    Replies:
    0
    Views:
    80
    Neal Becker
    Mar 3, 2014
  2. Cameron Simpson

    Re: How security holes happen

    Cameron Simpson, Mar 3, 2014, in forum: Python
    Replies:
    5
    Views:
    91
    88888 Dihedral
    Mar 6, 2014
  3. Chris Angelico

    Re: How security holes happen

    Chris Angelico, Mar 3, 2014, in forum: Python
    Replies:
    0
    Views:
    77
    Chris Angelico
    Mar 3, 2014
  4. Mark Lawrence

    Re: How security holes happen

    Mark Lawrence, Mar 3, 2014, in forum: Python
    Replies:
    0
    Views:
    80
    Mark Lawrence
    Mar 3, 2014
  5. Chris Kaynor

    Re: How security holes happen

    Chris Kaynor, Mar 3, 2014, in forum: Python
    Replies:
    37
    Views:
    246
    Dennis Lee Bieber
    Mar 8, 2014
Loading...

Share This Page