Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > finding security holes

Reply
Thread Tools

finding security holes

 
 
Keith G Hicks
Guest
Posts: n/a
 
      09-06-2008
Does anyone know of any good software out there that can be used for testing
websites for security holes such (but not only) as sql injection? I know MS
has a tool for asp that can find sql injection problems but I could not get
it to work on my asp.net project. And I'm looking for something a bit more
complete.

Thanks,

Keith


 
Reply With Quote
 
 
 
 
Cowboy \(Gregory A. Beamer\)
Guest
Posts: n/a
 
      09-06-2008
One free tool is TAM (Threat Analysis and Modeling Tool) -
http://www.microsoft.com/downloads/d...displaylang=en

There is an Enterprise version of this tool. This is the lite version.

Microsoft also has another tool called SPIDER. I am not sure how to get this
tool, however.

There are numerous code profilers out there that you can use. Most are
focused on performance, however. Compuware does have a security checker,
which I believe is part of DevPartner Studio.

Another direction to go is one of the code checkers. Some, like Code It
Right, have security rules built in. The same is true of free tools like Fx
Cop.
http://www.microsoft.com/downloads/d...DisplayLang=en

For a more hands on approach, Microsoft has a patterns tool called Guidance
Explorer (http://www.codeplex.com/guidanceExplorer). This is not a tool that
necessarily finds bad code, however, it is more a tool that gives you
guidance, so it is not precisely what you are looking at.

Hope this helps!

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://feeds.feedburner.com/GregoryBeamer#

or just read it:
http://feeds.feedburner.com/GregoryBeamer

********************************************
| Think outside the box! |
********************************************
"Keith G Hicks" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Does anyone know of any good software out there that can be used for
> testing
> websites for security holes such (but not only) as sql injection? I know
> MS
> has a tool for asp that can find sql injection problems but I could not
> get
> it to work on my asp.net project. And I'm looking for something a bit more
> complete.
>
> Thanks,
>
> Keith
>
>


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Three more security holes in IE Imhotep Computer Security 0 03-27-2006 02:14 PM
Exploits are already circulating for the MS security holes patched this week.... Imhotep Computer Security 0 08-12-2005 08:07 PM
Security Holes Michael O'Keefe Firefox 2 03-02-2005 08:21 PM
Oct 12: Three new critical IE security holes found Bruce the Shark Computer Support 13 10-14-2004 04:01 PM
Check for security loop holes Ravi Computer Security 15 12-23-2003 09:06 AM



Advertisments