OWASP O2 Platform Blog

FxCop Security rules : A nice to have feature on top of O2 platform

While we have seen the  effect of   static analysis at run time in the community, which  was first described with a PoC  using Microsoft’s static analysis tool CAT.NET   and OWASP O2 Platform on top o Visual Studio .Net, we strongly believe  on the value added of using O2 platform as a part of our development work.

In this same way,  a really nice to have feature would be an integration with FxCop . Namely,  FxCop analyzes managed code  and reports information about those assemblies. It analyzes several  areas including : COM, Design, Globalization,  Naming, Performance, Security and Usage. 

The latest version of FxCop was  included as a part of the Microsoft Windows SDK for Windows 7 and .NET Framework 4

Here you have some useful links with all the information  about this tool:

  1. For downloading it:
  2. The  ISO files can also be  downloaded from the below link:
  3. FxCop ASP.NET Security Rules : This is a really interesting project hosted at CodePlex and it offers  a set of rules for ASP.NET applications:
  4. http://fxcopaspnetsecurity.codeplex.com/

It would be great to have those security  rules available on O2 Platform and why not via real-time analysis :).

FxCop ASP.NET Security rules

FxCop ASP.NET Security rules

July 19, 2012 - Posted by | .NET, Tools | , ,

1 Comment »

  1. Here is a reddit to about this article: http://www.reddit.com/r/CatNet/comments/wtxjy/fxcop_security_rules_a_nice_to_have_feature_on/

    Comment by Dinis Cruz | July 20, 2012 | Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: