Solved

PCI DSS Compliant Code Review Tool for ASP.NET

Posted on 2011-02-12
3
962 Views
Last Modified: 2012-08-14
Hi guys

Can anyone recommend code review tools for .NET, specifically ASP.NET/C# which can detect the OWASP Top 10 security vulnerabilities, such as XSS, XSRF, Injection, etc?

We are currently working towards PCI compliance, and section 6 involves code reviews specifically addressing security vulnerabilities. Our auditor specifically recommended using a tool to remove the need for manual code reviews. As we're a small company, that would be ideal

Thanks in advance for all your help

Regards

William

Parasoft offer what seems to be a great solution, but you have to get them to allow you to evaluate it. Seems expensive. Looking for something a little more budget or (ideally) free.

FXCop is there from MS, but I don't know whether it satisfys the requirements
0
Comment
Question by:williambailie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 11

Expert Comment

by:packetguy
ID: 35080228
The most widely used tool out there is Nessus (Nessus.org), a comprehensive vulnerability assessment tool that generates simulated attack traffic against web and other network applications and services, then creates a report detailing any vulnerabilities found and recommendations for remediation.  There is a free version for non-commercial use that runs slightly out of date attack profiles.  For the latest feed you need to buy a $1,200/yr subscription.

Nessus started out as open source and experienced a bit of controversy when it went commercial, so there is a fork called OpenVAS (OpenVAS.org). My experience has been that OpenVAS is not yet as easy to use as Nessus, but I'm hoping it will get there soon.
0
 

Accepted Solution

by:
williambailie earned 0 total points
ID: 35818954
We needed something that is PCI compliant - in the end we outsourced it
0
 

Author Closing Comment

by:williambailie
ID: 35865655
Unfortunately, we had to outsource the work, and so the answer was to outsource
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Performance in games development is paramount: every microsecond counts to be able to do everything in less than 33ms (aiming at 16ms). C# foreach statement is one of the worst performance killers, and here I explain why.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question