Could Telerik FiddlerCore make a .NET website more secure

Using Telerik FiddlerCore to make our .NET website more secure

I just learned that FiddlerCore provides much of the functionality of Fiddler, but without the UI. And it seems this is a library designed to be incorporated into .NET programs.

I am looking for ways to reduce the chance that a hacker makes a successful penetration into our website, so using FiddlerCore is interesting to me.

Is this something to be including in the Release version of the website? Is so, please explain what kinds of services it could provide?

I like having advanced functionality under the covers, but only so long as it protects me while not adding some new exposure.

I'd love to hear  your thoughts...

Thanks.
newbiewebSr. Software EngineerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
FiddlerCore is good as a poxy helper and embedded into codes for the application to perform any intercept and capture of the traffic transacted with the application and user or other processes. And that is about it. I do not say that it is really security driven though as it depends after the capture or intercept what are the application doing with it. If it dump files from the traffic and scan with AV then it is one useful use case. Another is check the traffic dump for any malicious payload which may not necessary be real time but it can forward to other services or scanner service to check.

FiddlerCore is just a supporting means to help you get closer to inspection and securing the exchanges between external interface to your web application. This article has a nice run through on the basic and it also illustrate using it to generate SSL certificate - for this you have to be careful the certificate is to be trusted and the use of crypto must not be weak ones, otherwise it is opening more gaps. https://weblog.west-wind.com/posts/2014/Jul/29/Using-FiddlerCore-to-capture-HTTP-Requests-with-NET

Overall, still treat FiddlerCore as another library used by developer and being software, it can have bugs so patching and diligence in patch still applies, secure code practice to do input validation in use of the library still remain.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
newbiewebSr. Software EngineerAuthor Commented:
thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Vulnerabilities

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.