DevPartner Security Checker and Fault Simulator

By Martin Heller

March 21, 2005

(DevPartner Security Checker and Fault Simulator :  Page 1 of 1 )

There's something of a glut of good advice about application security for developers these days, from web sites like the MSDN Security Developer Center and OWASP, and from books like Keith Brown's .NET Developer's Guide to Windows Security (Addison-Wesley, 2005; ISBN 0321228359) or Howard and LeBlanc's Writing Secure Code, Second Edition (Microsoft Press, 2002; ISBN 0735617228). You can also get useful information from e-mail newsletters like @RISK from SANS, which tells you about the current security vulnerabilities of major products, which in turn tells you what not to do in your own applications. The hard part is applying all that good advice.

It takes knowledge, discipline, will, and time to secure your applications. The applications that are most vulnerable to attack are the ones most exposed to attackers: in other words, applications hosted on the public Internet.

There are hundreds of ways that a web application can be compromised, from buffer overruns to cross-site scripting to SQL injection. All it takes is one little mistake, and hundreds of thousands of customers can lose their credit card and other personal information to attackers. I only wish I were exaggerating.

Security Checker

DevPartner Security Checker from Compuware ($12,000 per concurrent user) is, in Compuware's own words, a "powerful security analysis tool that helps quickly scan, locate, and fix known and potential security vulnerabilities in ASP.NET applications written in either C# or Visual Basic .NET. DevPartner SecurityChecker automates detection processes through a combination of runtime, compile-time, and integrity analyses that pinpoint the exact location of vulnerable source code and hard-to-find security problems."

Security Checker integrates with Visual Studio .NET and tests an ASP.N

 Page 1 of 1