Could Telerik FiddlerCore make a .NET website more secure

curiouswebster
Using Telerik FiddlerCore to make our .NET website more secure

I just learned that FiddlerCore provides much of the functionality of Fiddler, but without the UI. And it seems this is a library designed to be incorporated into .NET programs.

I am looking for ways to reduce the chance that a hacker makes a successful penetration into our website, so using FiddlerCore is interesting to me.

Is this something to be included in the Release version of the website? If so, please explain what kinds of services it could provide.

I like having advanced functionality under the covers, but only so long as it protects me while not adding some new exposure.

I'd love to hear your thoughts...

Thanks.
Exec Consultant
Distinguished Expert 2018
Commented:
FiddlerCore is good as a proxy helper, embedded into the application's code to intercept and capture the traffic exchanged between the application and users or other processes. And that is about it. I would not say that it is really security driven, though, as it depends on what the application does with the traffic after the capture or intercept. If it dumps files from the traffic and scans them with AV, then that is one useful use case. Another is to check the traffic dump for any malicious payload, which may not necessarily be in real time, but it can forward the dump to other services or a scanner service to check.

FiddlerCore is just a supporting means to help you get closer to inspecting and securing the exchanges between the external interface and your web application. This article has a nice run-through of the basics, and it also illustrates using it to generate an SSL certificate. For this you have to be careful that the certificate is one to be trusted and that the crypto used is not weak; otherwise it opens more gaps. https://weblog.west-wind.com/posts/2014/Jul/29/Using-FiddlerCore-to-capture-HTTP-Requests-with-NET

Overall, still treat FiddlerCore as another library used by developers; being software, it can have bugs, so patching and diligence in patching still apply, and secure coding practice such as input validation when using the library still remains.

curiouswebster, Software Engineer
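
The capture-then-scan use case from the answer above, as an added C# example that is not part of the original thread or of FiddlerCore's own samples. It assumes the classic FiddlerCore 4.x API (`Fiddler` namespace); the `scan-queue` folder, port 8877 and the helper names are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using Fiddler; // assumption: classic FiddlerCore 4.x assembly is referenced

static class CaptureForScanning
{
    const string DropDir = "scan-queue"; // hypothetical folder watched by an AV/content scanner
    const int ListenPort = 8877;         // assumed free local port
    static readonly object Gate = new object();

    static void Main()
    {
        Directory.CreateDirectory(DropDir);
        FiddlerApplication.AfterSessionComplete += QueueForScan;

        // FiddlerCoreStartupFlags.None: not the system proxy, no remote clients,
        // and no HTTPS decryption, so no root certificate is generated or trusted.
        FiddlerApplication.Startup(ListenPort, FiddlerCoreStartupFlags.None);
        Console.WriteLine("Proxy on 127.0.0.1:{0}, press Enter to stop.", ListenPort);
        Console.ReadLine();
        FiddlerApplication.Shutdown();
    }

    static void QueueForScan(Session session)
    {
        session.utilDecodeResponse(); // undo chunking/compression before hashing
        byte[] body = session.responseBodyBytes;
        if (body == null || body.Length == 0) return;

        string hash;
        using (var sha = SHA256.Create())
            hash = BitConverter.ToString(sha.ComputeHash(body)).Replace("-", "");

        // Captured values are untrusted input: the file name comes from the hash,
        // never from the URL, and control characters are stripped from the index line.
        string line = string.Join("\t", hash, session.responseCode,
            Clean(session.oResponse["Content-Type"]), Clean(session.fullUrl));

        lock (Gate) // the event is raised on background threads
        {
            File.WriteAllBytes(Path.Combine(DropDir, hash + ".bin"), body);
            File.AppendAllText(Path.Combine(DropDir, "index.tsv"), line + Environment.NewLine);
        }
    }

    static string Clean(string value) =>
        new string(Array.FindAll((value ?? "").ToCharArray(), c => !char.IsControl(c)));
}
```

Clients must be pointed at the proxy explicitly, and HTTPS bodies are not captured in this configuration because decryption is left off.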

Author

Commented:
thanks
