RE: Testing Application vulnerability tools

As for checking the front end and platform, you can use Nikto, Paros and
obviously Nessus, but those likely won't find tons of unique holes in the
app. As for the code, .NET unfortunately doesn't receive a lot of open
source love, but you can try FxCop.

It's a code analysis tool for the .NET framework.

I wouldn't say it's phenomenal by any means, but it's better than

It will only find the most ridiculous glaring holes and not very well at
that. Keep in mind this tool is very primitive.

Some free CR tools...

Also, you could try a demo license of DevInspect from SPI Dynamics.


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of WALI
Sent: Saturday, February 17, 2007 11:22 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Testing Application vulnerability tools

I have a team of software developers involved in writing code for HR
management application. They have put the first module payroll online
everyday, we get reports of users getting access to areas they
The software team is involved in continuous debugging and patching.

Is there a tool I can use to do software code review (.NET)?

I know it's also a design issue but there should be a way I can at least
check the front end (http) interface for common vulnerabilities?