
PCI DSS Compliant Code Review Tool for ASP.NET

Posted on 2011-02-12
Last Modified: 2012-08-14
Hi guys

Can anyone recommend code review tools for .NET, specifically ASP.NET/C# which can detect the OWASP Top 10 security vulnerabilities, such as XSS, XSRF, Injection, etc?

We are currently working towards PCI compliance, and section 6 involves code reviews specifically addressing security vulnerabilities. Our auditor specifically recommended using a tool to remove the need for manual code reviews. As we're a small company, that would be ideal.

Thanks in advance for all your help

Regards

William

Parasoft offer what seems to be a great solution, but you have to get them to allow you to evaluate it. Seems expensive. Looking for something a little more budget or (ideally) free.

FXCop is there from MS, but I don't know whether it satisfies the requirements.
Question by: williambailie
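What a code-review tool actually looks for in the three vulnerability classes the question names, as an added illustration that is not part of the original thread and not the output of Parasoft, FXCop or any other product mentioned here: a small Python pass over C# source that flags SQL text built by concatenation (injection), request data written to the response with no HTML encoder (XSS), and ASP.NET MVC [HttpPost] actions whose attribute block lacks [ValidateAntiForgeryToken] (XSRF). The AccountController sample, its undeclared conn variable and the rule ids are constructed for the example.

```python
# Added example: a minimal pattern-based review of C#/ASP.NET source for three
# of the OWASP Top 10 classes the question names. It is not the output of
# Parasoft, FxCop or any other product; the controller below is constructed.
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    line: int      # 1-based line in the reviewed source
    rule: str      # short rule id
    snippet: str   # the offending line, stripped


# Injection: SqlCommand text or CommandText built from a dynamic expression.
SQL_SINK = re.compile(r'new\s+SqlCommand\s*\(|\.CommandText\s*=')
SQL_DYNAMIC = re.compile(r'\+|string\.Format|\$"')
# XSS: request data reaching the response with no HTML encoder on the line.
XSS_SINK = re.compile(r'Response\.Write\s*\(|<%=')
XSS_SOURCE = re.compile(r'Request\.(QueryString|Form|Params|Cookies)|Request\[')
HTML_ENCODE = re.compile(r'HtmlEncode|AntiXss')
# CSRF: [HttpPost] action whose attributes lack [ValidateAntiForgeryToken].
POST_ATTR = re.compile(r'\[\s*HttpPost\s*\]')
ANTIFORGERY_ATTR = re.compile(r'\[\s*ValidateAntiForgeryToken\s*\]')
METHOD_DECL = re.compile(r'\b(public|private|protected|internal)\b.*\(.*\)')


def review(source: str) -> List[Finding]:
    """Return a Finding for every line of `source` that trips a rule."""
    lines = source.splitlines()
    findings: List[Finding] = []
    pending_post: Optional[int] = None  # line of an [HttpPost] awaiting its method
    post_has_token = False
    for no, raw in enumerate(lines, start=1):
        line = raw.strip()
        if SQL_SINK.search(line) and SQL_DYNAMIC.search(line):
            findings.append(Finding(no, "sqli-dynamic-sql", line))
        if XSS_SINK.search(line) and XSS_SOURCE.search(line) and not HTML_ENCODE.search(line):
            findings.append(Finding(no, "xss-unencoded-output", line))
        # Attributes precede the signature, so hold the POST marker until the
        # method declaration arrives and decide there.
        if POST_ATTR.search(line):
            pending_post = no
            post_has_token = bool(ANTIFORGERY_ATTR.search(line))
        elif pending_post is not None and ANTIFORGERY_ATTR.search(line):
            post_has_token = True
        if pending_post is not None and METHOD_DECL.search(line):
            if not post_has_token:
                findings.append(Finding(pending_post, "csrf-post-without-antiforgery",
                                        lines[pending_post - 1].strip()))
            pending_post = None
            post_has_token = False
    return findings


# Constructed C# sample: each vulnerable method is followed by its safe form.
SAMPLE = """\
public class AccountController : Controller
{
    // Injection: user input concatenated into the query text.
    public ActionResult Find(string name)
    {
        var cmd = new SqlCommand("SELECT * FROM Users WHERE Name = '" + name + "'", conn);
        return View();
    }
    // Safe: parameterised query, the tool should stay quiet here.
    public ActionResult FindSafe(string name)
    {
        var cmd = new SqlCommand("SELECT * FROM Users WHERE Name = @name", conn);
        cmd.Parameters.AddWithValue("@name", name);
        return View();
    }
    // XSS: query string echoed straight into the page.
    public void Echo()
    {
        Response.Write("Hello " + Request.QueryString["user"]);
    }
    // Safe: output encoded before it reaches the browser.
    public void EchoSafe()
    {
        Response.Write("Hello " + HttpUtility.HtmlEncode(Request.QueryString["user"]));
    }
    // CSRF: state-changing POST with no anti-forgery token check.
    [HttpPost]
    public ActionResult ChangeEmail(string email)
    {
        return RedirectToAction("Index");
    }
    // Safe: token validated before the action runs.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult ChangeEmailSafe(string email)
    {
        return RedirectToAction("Index");
    }
}
"""

if __name__ == "__main__":
    for f in review(SAMPLE):
        print(f"line {f.line}: {f.rule}: {f.snippet}")
```

Run stand-alone it reports the three vulnerable lines (6, 19 and 27 of the sample) and stays silent on their parameterised, encoded and token-checked neighbours. The limitation worth knowing before relying on any such tool: a pattern pass tracks no data flow, so it would also flag a SqlCommand built only from constants and would miss tainted input that reaches the sink through an intermediate variable or a helper method. Whether a candidate product follows data through assignments and method calls is the question to put to vendors when evaluating.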

Expert Comment

by: packetguy
ID: 35080228
The most widely used tool out there is Nessus (Nessus.org), a comprehensive vulnerability assessment tool that generates simulated attack traffic against web and other network applications and services, then creates a report detailing any vulnerabilities found and recommendations for remediation.  There is a free version for non-commercial use that runs slightly out of date attack profiles.  For the latest feed you need to buy a $1,200/yr subscription.

Nessus started out as open source and experienced a bit of controversy when it went commercial, so there is a fork called OpenVAS (OpenVAS.org). My experience has been that OpenVAS is not yet as easy to use as Nessus, but I'm hoping it will get there soon.

Accepted Solution

by: williambailie (earned 0 total points)
ID: 35818954
We needed something that is PCI compliant - in the end we outsourced it.

Author Closing Comment

by: williambailie
ID: 35865655
Unfortunately, we had to outsource the work, and so the answer was to outsource.