473,405 Members | 2,141 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > finding security holes

Join Bytes to post your question to a community of 473,405 software developers and data experts.

finding security holes

Does anyone know of any good software out there that can be used for testing
websites for security holes such (but not only) as sql injection? I know MS
has a tool for asp that can find sql injection problems but I could not get
it to work on my asp.net project. And I'm looking for something a bit more
complete.

Thanks,

Keith
Sep 6 '08 #1
1 966
One free tool is TAM (Threat Analysis and Modeling Tool) -
http://www.microsoft.com/downloads/d...displaylang=en

There is an Enterprise version of this tool. This is the lite version.

Microsoft also has another tool called SPIDER. I am not sure how to get this
tool, however.

There are numerous code profilers out there that you can use. Most are
focused on performance, however. Compuware does have a security checker,
which I believe is part of DevPartner Studio.

Another direction to go is one of the code checkers. Some, like Code It
Right, have security rules built in. The same is true of free tools like Fx
Cop.
http://www.microsoft.com/downloads/d...DisplayLang=en

For a more hands on approach, Microsoft has a patterns tool called Guidance
Explorer (http://www.codeplex.com/guidanceExplorer). This is not a tool that
necessarily finds bad code, however, it is more a tool that gives you
guidance, so it is not precisely what you are looking at.

Hope this helps!

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://feeds.feedburner.com/GregoryBeamer#

or just read it:
http://feeds.feedburner.com/GregoryBeamer

********************************************
| Think outside the box! |
********************************************
"Keith G Hicks" <kr*@comcast.netwrote in message
news:uB**************@TK2MSFTNGP04.phx.gbl...
Does anyone know of any good software out there that can be used for
testing
websites for security holes such (but not only) as sql injection? I know
MS
has a tool for asp that can find sql injection problems but I could not
get
it to work on my asp.net project. And I'm looking for something a bit more
complete.

Thanks,

Keith

Sep 6 '08 #2
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

32
Top Ten PHP Security Hole
by: Chung Leong | last post by:
Building web sites with PHP is easy. Building secured web sites--in any language--is hard. The end result is many PHP sites with security issues. I thought therefore it would be a good idea to put...
PHP
1
javascript: protocol security violations
by: Dom Leonard | last post by:
Hi all, I occasionally use the javascript protocol in window.open to retrieve a window property of the opener for use as HTML source: window.htmlSrc="<html>...blah ....<\/html>";...
Javascript
12
File.txt
by: A.M. | last post by:
Hi at all, how can I do to insert into a HTML page a file .txt stored in the same directory of the server where is the html file that must display the text file.txt? Thank you very much P.Pietro
Javascript
116
Security - more complex than I thought
by: Mike MacSween | last post by:
S**t for brains strikes again! Why did I do that? When I met the clients and at some point they vaguely asked whether eventually would it be possible to have some people who could read the data...
Microsoft Access / VBA
3
asp.NET dll-component: server security hole ?? (managed component)
by: nicholas | last post by:
I use asp.NET dll components on my website. These are managed components, not like asp components that are un-managed. Those who sell these components say that having an asp.Net component in the...
ASP.NET
7
IIS / Web Services Security threats
by: Magdelin | last post by:
Hi, My security team thinks allowing communication between the two IIS instances leads to severe security risks. Basically, we want to put our presentation tier on the perimeter network and the...
.NET Framework
1
Code Access Security - General Question
by: Jeremy S. | last post by:
..NET's code Access Security enables administrators to restrict the types of things that a .NET application can do on a local computer. For example, a ..NET Windows Forms application can be...
.NET Framework
0
Networks Hacking (hack C:/ drives, severs...)and security holes all on my website & hacking commands and I explain ways of erasing your tracks so you dont get caught doing "bad" things... What do you think?
by: masterjuan | last post by:
Networks Hacking (hack C:/ drives, severs...)and security holes all on my website & hacking commands and I explain ways of erasing your tracks so you dont get caught doing "bad" things... What do...
HTML / CSS
4
Open port 80, security issues?
by: Bjorn Sagbakken | last post by:
Hi. This might not be the right forum for my question, but still I throw it out: I have just succeeded in publishing my ASP.NET web application on my own PC, opening port 80 in/out in my...
.NET Framework
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!