Solved

PCI DSS Compliant Code Review Tool for ASP.NET

Posted on 2011-02-12
3
965 Views
Last Modified: 2012-08-14
Hi guys

Can anyone recommend code review tools for .NET, specifically ASP.NET/C# which can detect the OWASP Top 10 security vulnerabilities, such as XSS, XSRF, Injection, etc?

We are currently working towards PCI compliance, and section 6 involves code reviews specifically addressing security vulnerabilities. Our auditor specifically recommended using a tool to remove the need for manual code reviews. As we're a small company, that would be ideal

Thanks in advance for all your help

Regards

William

Parasoft offer what seems to be a great solution, but you have to get them to allow you to evaluate it. Seems expensive. Looking for something a little more budget or (ideally) free.

FXCop is there from MS, but I don't know whether it satisfys the requirements
0
Comment
Question by:williambailie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 11

Expert Comment

by:packetguy
ID: 35080228
The most widely used tool out there is Nessus (Nessus.org), a comprehensive vulnerability assessment tool that generates simulated attack traffic against web and other network applications and services, then creates a report detailing any vulnerabilities found and recommendations for remediation.  There is a free version for non-commercial use that runs slightly out of date attack profiles.  For the latest feed you need to buy a $1,200/yr subscription.

Nessus started out as open source and experienced a bit of controversy when it went commercial, so there is a fork called OpenVAS (OpenVAS.org). My experience has been that OpenVAS is not yet as easy to use as Nessus, but I'm hoping it will get there soon.
0
 

Accepted Solution

by:
williambailie earned 0 total points
ID: 35818954
We needed something that is PCI compliant - in the end we outsourced it
0
 

Author Closing Comment

by:williambailie
ID: 35865655
Unfortunately, we had to outsource the work, and so the answer was to outsource
0

Featured Post

Create Professional Looking Email Signatures

Create "Professional HTML Email Signatures" with ease.
7 Day Money Back Guarantee if not 100% Satisfied.
Affordable - Try it out for 7 Days Totally Risk Free.
Installers provided for over 45 Email clients.
Both Windows & MAC Supported.
Highly Recommended!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question