OWASP O2 Platform Blog

FxCop Security rules : A nice to have feature on top of O2 platform

While we have seen the  effect of   static analysis at run time in the community, which  was first described with a PoC  using Microsoft’s static analysis tool CAT.NET   and OWASP O2 Platform on top o Visual Studio .Net, we strongly believe  on the value added of using O2 platform as a part of our development work.

In this same way,  a really nice to have feature would be an integration with FxCop . Namely,  FxCop analyzes managed code  and reports information about those assemblies. It analyzes several  areas including : COM, Design, Globalization,  Naming, Performance, Security and Usage. 

The latest version of FxCop was  included as a part of the Microsoft Windows SDK for Windows 7 and .NET Framework 4

Here you have some useful links with all the information  about this tool:

  1. For downloading it:
  2. The  ISO files can also be  downloaded from the below link:
  3. FxCop ASP.NET Security Rules : This is a really interesting project hosted at CodePlex and it offers  a set of rules for ASP.NET applications:
  4. http://fxcopaspnetsecurity.codeplex.com/

It would be great to have those security  rules available on O2 Platform and why not via real-time analysis :).

FxCop ASP.NET Security rules

FxCop ASP.NET Security rules

July 19, 2012 Posted by | .NET, Tools | , , | 1 Comment