finding security holes

Discussion in 'ASP .Net' started by Keith G Hicks, Sep 6, 2008.

  1. Does anyone know of any good software out there that can be used for testing
    websites for security holes such (but not only) as sql injection? I know MS
    has a tool for asp that can find sql injection problems but I could not get
    it to work on my asp.net project. And I'm looking for something a bit more
    complete.

    Thanks,

    Keith
     
    Keith G Hicks, Sep 6, 2008
    #1
    1. Advertisements

  2. One free tool is TAM (Threat Analysis and Modeling Tool) -
    http://www.microsoft.com/downloads/...78-9DAF-4E96-B7D1-944703479451&displaylang=en

    There is an Enterprise version of this tool. This is the lite version.

    Microsoft also has another tool called SPIDER. I am not sure how to get this
    tool, however.

    There are numerous code profilers out there that you can use. Most are
    focused on performance, however. Compuware does have a security checker,
    which I believe is part of DevPartner Studio.

    Another direction to go is one of the code checkers. Some, like Code It
    Right, have security rules built in. The same is true of free tools like Fx
    Cop.
    http://www.microsoft.com/downloads/...70-f281-4fb0-aba1-d59d7ed09772&DisplayLang=en

    For a more hands on approach, Microsoft has a patterns tool called Guidance
    Explorer (http://www.codeplex.com/guidanceExplorer). This is not a tool that
    necessarily finds bad code, however, it is more a tool that gives you
    guidance, so it is not precisely what you are looking at.

    Hope this helps!

    --
    Gregory A. Beamer
    MVP, MCP: +I, SE, SD, DBA

    Subscribe to my blog
    http://feeds.feedburner.com/GregoryBeamer#

    or just read it:
    http://feeds.feedburner.com/GregoryBeamer

    ********************************************
    | Think outside the box! |
    ********************************************
    "Keith G Hicks" <> wrote in message
    news:...
    > Does anyone know of any good software out there that can be used for
    > testing
    > websites for security holes such (but not only) as sql injection? I know
    > MS
    > has a tool for asp that can find sql injection problems but I could not
    > get
    > it to work on my asp.net project. And I'm looking for something a bit more
    > complete.
    >
    > Thanks,
    >
    > Keith
    >
    >
     
    Cowboy \(Gregory A. Beamer\), Sep 6, 2008
    #2
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Aaron
    Replies:
    1
    Views:
    555
    John C. Bollinger
    Aug 4, 2003
  2. Roedy Green

    holes in the syntax

    Roedy Green, Jul 6, 2005, in forum: Java
    Replies:
    13
    Views:
    674
    Roedy Green
    Jul 18, 2005
  3. Marco
    Replies:
    1
    Views:
    2,689
    Roedy Green
    Jan 28, 2006
  4. Mr. SweatyFinger

    CLOWN -HOLES

    Mr. SweatyFinger, Dec 13, 2006, in forum: ASP .Net
    Replies:
    5
    Views:
    559
    Goofy
    Dec 14, 2006
  5. Akram Baig
    Replies:
    0
    Views:
    531
    Akram Baig
    Apr 7, 2011
  6. Larry Martell

    Creating a list with holes

    Larry Martell, Jan 3, 2014, in forum: Python
    Replies:
    8
    Views:
    198
    Denis McMahon
    Jan 4, 2014
  7. Cameron Simpson

    Re: How security holes happen

    Cameron Simpson, Mar 3, 2014, in forum: Python
    Replies:
    5
    Views:
    223
    88888 Dihedral
    Mar 6, 2014
  8. Chris Kaynor

    Re: How security holes happen

    Chris Kaynor, Mar 3, 2014, in forum: Python
    Replies:
    37
    Views:
    465
    Dennis Lee Bieber
    Mar 8, 2014
Loading...