FxCop Security rules : A nice to have feature on top of O2 platform

While we have seen the effect of static analysis at run time in the community, which was first described with a PoC using Microsoft’s static analysis tool CAT.NET and OWASP O2 Platform on top o Visual Studio .Net, we strongly believe on the value added of using O2 platform as a part of our development work.

In this same way, a really nice to have feature would be an integration with FxCop . Namely, FxCop analyzes managed code and reports information about those assemblies. It analyzes several areas including : COM, Design, Globalization, Naming, Performance, Security and Usage.

The latest version of FxCop was included as a part of the Microsoft Windows SDK for Windows 7 and .NET Framework 4

Here you have some useful links with all the information about this tool:

For downloading it:

http://blogs.msdn.com/b/codeanalysis/archive/2010/07/26/fxcop-10-0-is-available.aspx
The ISO files can also be downloaded from the below link:

http://www.microsoft.com/en-us/download/details.aspx?id=8442
FxCop ASP.NET Security Rules : This is a really interesting project hosted at CodePlex and it offers a set of rules for ASP.NET applications:
http://fxcopaspnetsecurity.codeplex.com/

It would be great to have those security rules available on O2 Platform and why not via real-time analysis .

FxCop ASP.NET Security rules

July 19, 2012 - Posted by Michael Hidalgo | .NET, Tools | ASP.NET, FxCop, static analysis tool

1 Comment »

Here is a reddit to about this article: http://www.reddit.com/r/CatNet/comments/wtxjy/fxcop_security_rules_a_nice_to_have_feature_on/

Comment by Dinis Cruz | July 20, 2012 | Reply

About

The O2 platform represents a new paradigm for how to perform, document and distribute Web Application security reviews. O2 is designed to Automate Security Consultants Knowledge and Workflows and to Allow non-security experts to access and consume Security Knowledge.

O2 can also be a very powerful prototyping and fast-development tool for .NET. Most O2 APIs are written using a Fluent API design, and its core has been published as a separate project called FluentSharp (hosted at CodePlex)

Download

Windows ClickOnce Installer:

Mailing List

The best place to keep updated with the lastest news and developers it to subscribe to the OWASP O2 Platform Mailing list (you can read its archives here)

Other websites

Search for:
Email Subscription

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 11 other followers
.NET .NET SAST AppScan ASP.NET Controls EC2 Fixing Code Fortify HacmeBank IE Automation Interoperability Java JPetStore jQuery Misc Topics Moq Network Security O2 Internals O2 Scripting OWASP Spring MVC Tools Uncategorized Veracode videos VisualStudio Vulnerabilities WatiN Windows Tools WS XSS

Categories
- .NET (43)
- .NET SAST (5)
- AntiXss (2)
- AppScan (4)
- ASP.NET Controls (3)
- CheckMarx (2)
- EC2 (11)
- Fixing Code (4)
- Fortify (9)
- FuzzDB (1)
- GitHub (2)
- HacmeBank (3)
- IE Automation (27)
- Interoperability (29)
- Java (3)
- JPetStore (16)
- jQuery (6)
- Mailman (2)
- MediaWiki (2)
- Misc Topics (3)
- Moq (2)
- Network Security (2)
- NMap (1)
- O2 Internals (14)
- O2 Scripting (4)
- OSX (1)
- OWASP (4)
- Python (1)
- Reflection (1)
- Spring MVC (15)
- TeamMentor (1)
- Tools (7)
- Uncategorized (5)
- Veracode (2)
- videos (7)
- VisualStudio (4)
- Vulnerabilities (2)
- WatiN (29)
- WebGoat (1)
- White_UIAutomation (1)
- Windows Tools (5)
- WS (3)
- XSS (3)
Internals

OWASP O2 Platform Blog