While we have seen the effect of static analysis at run time in the community, which was first described with a PoC using Microsoft's static analysis tool CAT.NET and the OWASP O2 Platform on top of Visual Studio .NET, we strongly believe in the added value of using the O2 Platform as part of our development work.
In the same way, a really nice-to-have feature would be an integration with FxCop. FxCop analyzes managed code assemblies and reports information about them. It covers several areas, including COM, Design, Globalization, Naming, Performance, Security and Usage.
The latest version of FxCop was included as part of the Microsoft Windows SDK for Windows 7 and .NET Framework 4.
Here you have some useful links with all the information about this tool:
- For downloading it:
- The ISO files can also be downloaded from the link below:
- FxCop ASP.NET Security Rules: This is a really interesting project hosted at CodePlex, and it offers a set of rules for ASP.NET applications:
It would be great to have those security rules available on the O2 Platform, and why not via real-time analysis :).