PCI DSS Compliant Code Review Tool for ASP.NET

Hi guys

Can anyone recommend code review tools for .NET, specifically ASP.NET/C# which can detect the OWASP Top 10 security vulnerabilities, such as XSS, XSRF, Injection, etc?

We are currently working towards PCI compliance, and section 6 involves code reviews specifically addressing security vulnerabilities. Our auditor specifically recommended using a tool to remove the need for manual code reviews. As we're a small company, that would be ideal

Thanks in advance for all your help

Regards

William

Parasoft offer what seems to be a great solution, but you have to get them to allow you to evaluate it. Seems expensive. Looking for something a little more budget or (ideally) free.

FXCop is there from MS, but I don't know whether it satisfys the requirements
williambailieAsked:
Who is Participating?
 
williambailieConnect With a Mentor Author Commented:
We needed something that is PCI compliant - in the end we outsourced it
0
 
packetguyCommented:
The most widely used tool out there is Nessus (Nessus.org), a comprehensive vulnerability assessment tool that generates simulated attack traffic against web and other network applications and services, then creates a report detailing any vulnerabilities found and recommendations for remediation.  There is a free version for non-commercial use that runs slightly out of date attack profiles.  For the latest feed you need to buy a $1,200/yr subscription.

Nessus started out as open source and experienced a bit of controversy when it went commercial, so there is a fork called OpenVAS (OpenVAS.org). My experience has been that OpenVAS is not yet as easy to use as Nessus, but I'm hoping it will get there soon.
0
 
williambailieAuthor Commented:
Unfortunately, we had to outsource the work, and so the answer was to outsource
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.