
PCI DSS Compliant Code Review Tool for ASP.NET

Hi guys

Can anyone recommend code review tools for .NET, specifically ASP.NET/C# which can detect the OWASP Top 10 security vulnerabilities, such as XSS, XSRF, Injection, etc?

We are currently working towards PCI compliance, and section 6 involves code reviews specifically addressing security vulnerabilities. Our auditor specifically recommended using a tool to remove the need for manual code reviews. As we're a small company, that would be ideal.

Thanks in advance for all your help



Parasoft offer what seems to be a great solution, but you have to get them to allow you to evaluate it. Seems expensive. Looking for something a little more budget or (ideally) free.

FXCop is there from MS, but I don't know whether it satisfies the requirements.
1 Solution
The most widely used tool out there is Nessus (Nessus.org), a comprehensive vulnerability assessment tool that generates simulated attack traffic against web and other network applications and services, then creates a report detailing any vulnerabilities found and recommendations for remediation.  There is a free version for non-commercial use that runs slightly out of date attack profiles.  For the latest feed you need to buy a $1,200/yr subscription.

Nessus started out as open source and experienced a bit of controversy when it went commercial, so there is a fork called OpenVAS (OpenVAS.org). My experience has been that OpenVAS is not yet as easy to use as Nessus, but I'm hoping it will get there soon.
williambailieAuthor Commented:
We needed something that is PCI compliant - in the end we outsourced it
williambailieAuthor Commented:
Unfortunately, we had to outsource the work, and so the answer was to outsource