My company is trying to get a good code security checking package. I
suggested FxCop but it seems to be lacking. We develop Windows Forms
applications and very few ASP.NET applications. We have looked at some
commercial packages, but they all seem to be overkill. We are developing
using TFS and VSTS and I would like to do a code check and enforcement of
security rules during a check in. We would like to scan for SQL injection
attacks, impersonation, weak encryption, plus any possible hacks.
So, is there any tool that can do this, or are there any rules someone has
extended in FxCop that can handle this? Or is there a tool that will assist
us? We looked at Ounce Labs, but this is overkill and way too expensive,
besides I am trying to work with the tools we have (TFS, VSTS, FxCop, etc.)
and not bring in another program to learn.
Thanks.
John Wright