Application Development - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Application Development


Compuware Tool Tightens .Net Application Security



 By: Darryl K. Taft
2006-01-30
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Application Development story.


Rate This Article:
Poor Best
DevPartner SecurityChecker 2.0 improves the quality of Microsoft ASP.Net Web applications by quickly locating and fixing security vulnerabilities early in the application life cycle.

SAN FRANCISCO—Compuware released Jan. 30 a new version of its security analysis tool, DevPartner SecurityChecker 2.0, which will support Visual Studio 2005.

The company also announced a new security assessment offering to help organizations improve application security.

At the VSLive conference here, Detroit-based Compuware launched a new version of its DevPartner SecurityChecker 2.0 security analysis tool, which enables development and testing teams to improve the quality of their Microsoft ASP.Net Web applications by quickly locating and fixing security vulnerabilities early in the application life cycle, saving time and money.

Resource Library:
DevPartner SecurityChecker helps organizations secure applications by automatically identifying security vulnerabilities through a combination of white-box (code scanning and run-time analysis) and black-box (penetration testing) testing techniques and pinpoints the location of the vulnerability in source code, according to John Carpenter, the tools product manager.

Click here to read about Compuwares enhancements to its application quality solutions.

New features include full integration with Visual Studio 2005 and the Microsoft .Net Framework 2.0. Other features include the reduction of false positive reporting; improvements to creating and managing discovery maps; and improvements to existing SQL Injection, Cross-Site Scripting (XSS) and Parameter Tampering vulnerability detection, Carpenter said. A discovery map tells where all the security features are in your application, said Ken Cowan, DevPartner product line manager.

In addition, DevPartner SecurityChecker 2.0 includes 30 new integrity rules, including rules for finding Google hacking vulnerabilities such as pages containing configuration information, hidden content, error information and points of entry; hidden developer information that can be unlocked and viewed by an attacker, like debugging data; examining HTTP headers for cookie and page caching vulnerabilities; and exploiting a vulnerability to bypass the default ASP.Net validation procedure that allows an application to be vulnerable to XSS attacks, Carpenter said.

Meanwhile, the Compuware Security Assessment for ASP.Net applications enables a technician to review the identified application and then perform a security assessment using Compuware DevPartner SecurityChecker, applying three analysis modes to the application. These modes will focus on code-base analysis, run-time analysis and simulation of attacks from a hackers point of view.

Check out eWEEK.coms for the latest news, reviews and analysis in programming environments and developer tools.



  Reader Comments: Compuware Tool Tightens .Net Application Security
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Application Development Articles          >>> More By Darryl K. Taft
 


x}r8s;iW1ŋK-ִmy,Uyc# IlS$|rbbq3 -]sNlDf"H$#I"nZ΄\ܦdwÀ>}K$wB}NUQR #7((bP<HwO7n[Q0Ra᳙*,Q  tjGt0]2d6k6!o4vekOh cߨ_X&``1Zt|R!j 9iݑ |i @I>R(áh] ]( ѼeMQR`}{Te䆡;g? CKt/"(?c&c?9; fw^WB(ƻFՉziZgdd-vu=yͨ /B1r!f-{4_L*-M Dƞ4IC d#̒JK^`:rm3G^C]õ]Z.R͌eCwt=POMҷB($g >v?&K68VR`?ĶhG:]Uh?CWuomz^uߝ;iz]],s&"U+M S ҇P2zhNt(`_dY7;Ͱ-P6CMTjR?t~-trNeW4ϷFs˯sj_/gW~pd-v4򺮕}u;ާyԼ} d}#5&UJDZ-gi& 0h!5tt򸚅AX{t\獒A7nJe_P+).C#-b|+0#ƌ_8r 򋹥s9\_]w2]w;'>ߘecfy 3?TrJw3F~ V7'훗kew''k|w ݹOlDM Wh6w0NXkUV8c_C燙MXCEC0ʾ~Ff;|io]}<:$7cYngs`םBm۲ܹ,BZKEןȃka(7fhX@?$eR2z[&q* ?n^S@7'h脺f-Mn #dh|][w1p3Z&T23}MH#k 3!RB蝦iK _^H*B--\D7h+ԜOٛ"O;zL^"ʥgp 3d{.ӰerqF]7kDm.-s5-wfcZVp3itZם6_.=t[xD18,]evb`\77Zu?1ß|52o+r%(NMf[ԑplPòǔIz=<g 6aϨ>|鎓z>:AGAtišh4ϬP7h`Cҋ;LZ 'pbdx: # 0f4mLH#AтMtT8n]`2Zw9ܻ-L&w zVtc` VGPC!nH }P(Vr`{nȲc@|j JG@i0xzۢ dSJJd$D!-i]R@Az< -,rrl++~#~vGBj+6ODs@PGҹ;qjP)̄rZ z)2ٜʬ$3Mf X*ȉ#o"0%X ,Z Xk5Ʋ fj~iڛ-Â%#bi]ym,`b I[$%\Ew,t3Awq=7߄s w=Mj=""ǰP7Zp(^HISНj!D9z٧l)s-$֒eORumb$l *=Ұ.Z)!d[}aa6E]QYRKHD@CR)ҵ ҊaY^`(1 "x ӡE 7=}0\ReeZȔmm1+Ւ9,Wfn (Ŕ`AE}a &*d ë?v=kOGnzgH~qP9gs?磔YTp$4hS*}a5)403yb|Fȸ>qm?XĞ?z8[8,Y\Η']5!@0mE"A`iNR} ز^z`ُ޴ RX%}T5!cl ԑq,YX6Tصm>0}uD(-CZ!3O΁4uD8F_-ϢAM&4%q8TU&?CU^oVS8;z^*k 5UUR;,Z 7;z&9̓)V3G q'|q_ћz? 3ch9{䳲?7 `3\x+GשUXT8ᔱe1_0kfW S#sq_TҔgDF(/9 .KTNjZ|jVQ=/YQSfca "Զwkq 5\`EYۇNQ>[7i` 922f`KHs h_7`wk*Q :@{!G:0[,(Y)yip^.eϕS)V,tu `_ܚ:z,,HT0?N#3hh 03-tqCUjʾ_n+> (&Lu0Ȉ%=WlTj㻏1_l$R*C01^*== 7S_)-ʶ~g׆QyϤ͋h|5} @mvf36V=_`tmAؙY#7cf۴s:i&2106y-0P>\մJ / XB/b+>aL:+lCs0X3f~+u08 LBlܓ@^􁯍_B-oZc d6ōfπiΈdž m} L m_ۯ `EODF3۝Dp_IUfS΁ۧMOT%0=@" c].g}]٘yֱ4>ʐkxG2gdY JhUm{\ cw2|]>?/$,RIv+Ձ΀LdV֪EzXz,)uzh&RrME7uȋ­7:P$#I P*~JeP'Iվi1RʵRM()Co^DD\%/:&he~6%Kf?ͥZ5?g DsBx`fKܥ@vGܖ[J,]^@ Ba u( =6Q;o]!~%$MX5\=QDu Z:T)U :.izIR/pӁ9tG&l~"ڊ te2q{27(۞k-/$xG?ws̡n02A |$U˚V*jȅe#uL!)Wje>e!eO*lWJ_0]HX9H(P+ Y'ۻBlpI75 SXx|{ [PHXXD>ġifR{e">QTk㘘۽ ~[( L $q)YUihj/nL1ƙ0:kŠrZ (JQwgm@:i]t? =~?Н :wo&Cr鞞 4{=kq O,}U^;8 C_N{/RuGQ^9gP K rCE1>bt߫]=+coZvT0lg睓Ahy# 84+Gw!\OKǽ5?wHλ)ޠw%z0WF:^(d0 s|i]G 7b `xѤĂ@bcxH !m Be\z5g^|}XxrsdQ5õhlS/a Bf-.3b!bNg<APC{ r H)'4 n9>\b{H4VB 0F_Th)4zu3x[)5[E_ſE½}YVS\ |5~WK0fAbQ+F+=ǭOwGH$y >w8/wbP!BQ9o =%E٦z:7dj&ubNL5W"ȶv=O?8 clQ(S!t$-zbeQnKlx0cR蔈'=J8 z>RB'Դ5˓4/iY(Eqjhdꒈ~~ j&'ءX֛_.7'8 $O kzisq/R{qu<:RpDD2à{:&B}XyC(Ť3DJ^KkhVˮu^<~xZR̅0c]9 gEuX.gHUk+tt,Z؍Nڰq ;eΫP|mv,KمN-!WC3lyVѵldN-Ɣ `sBk;GQ0x&4tEWy'("KxQ~4q4Xxju|S5L`aEF<.%-;-QLv\u>\arԁ>cAɼ>#>n2}2J$h﬉~QOv/fCYF=n/vcW}Ǎ>-l-8tǠQ#Ҁ3I1M&ZQH**sᔤ˾vɌX^O&Xd1ם 0d&iK}#uo=إ 'ֻ%=b3 wSeLZ <:,Ę93^-$vK^M\`^*ii34kg:&'%&Ɓ08+a>Vj1ՏΉvR;%|%J*+%qLM퀖khӔ2=K2埇]q $uE/*I=XaAN`TxP#*XsM+ՇѴRrmmr8F1'\"Ň4ciM.zp,~c'6BF@mC x9$!c21)kԘj&QjnS;>++ -5IBkfDci'1bC/::V|u'oӻ?-ȓw1jF)Taz2#fL[xKjS5K-]¤_'˄I2ŀdDBSrEA6sܚOY`wUn0eUR4IOa 6-P82v;>z'+ pnZ.) p,ѻ` >>s[óPCSW$Eڦ_z-epa3W>s7ANp}/E$RHL p%~5Gap$O""[ eĊB4_V/+1*7QVΧn' ~z\:u%EjycO=0dXؕt I@fn =`^+z?x݀@ȩ+ΰ䐼y5 6ǒG'Q9"T^Kdl@5y`MK}WmQ4K&ժR+@ DID 5H2.%4igpeiSWLm]M!$\c6GĢ>u \NyNHC4BF H[Gڊ뒪Hu~a4RcSC9D$eks}Wm̘)R_T6ݾ T_X|xwy@7ڲ~/zv}Dq38J󄿉'\ݯV^ OT;'éhUIpCHQ4̷K^} SqnoަjΜ Rousr , 1MS8 T:oKG*}p^q'J{] vy\S䀰( x1(!g~=7c?r |-Hrf-83 RӒ7Ws^i~]L׿Bx57ҧ~jOd{fevWd}#W4/!|S[!TBA.t˹u1@ a޼ Զ,xYpHp_o}67!~=-ûz0] f/$&͟4xEܤ:_wigtMMMMijMU_7m7/FoSPc&֥#꒶0m1a0 $S@s-:AD[?+Q%;/ P%onM4ǹuGߝItTx_)&t"[W Bx@ A(`O ! Q4`c& lKmnn;=jEՍ!i3\Q׳aBkux2pHxc1Bj hn{s7޷C#P)ѳU}\^:Ya4͍nO˘41L{y+|< ovn`ث abHFSG@FDFxmDxۿ>&'\fՁ W#Oh4W?}iIexKvc0/%12A> 91ڛܴZGZ$:ԝw; Y5o1H{0˫5GClxNaUy.w*`ܒ+lxc֛_ĥX9Wi,\O?Kj/t* dEq:^ϝyCD6OB8Ac %d;6GLHj~6}A+?V4). mX[`8Aŋ\`{_<@VE[6bV̽K畲dR;`9D]›AmAɼ=Ь%5:&9WJD:`ῲVFSXL2J6?6ʅj` n*,> ztowwv]g)5εw 5сOZxz_ګKۨ_xȧ%e]˶$}Ym1n9U,C$&Hm9(7ݸj"-8av| L3f=[G?D=eO) xߦ-50=/ /? I77^G%H+uH GO/ :â?$Lam ߣ1-Y?`#NpoQoc䭼(ud?߿߉!?X3C ߉.>I8O:w&dQ^Bx8n g{{[$ڑ"mv;"*(W#=tߢx.F  T*X#5|5Xœ c2C[Ć6TWc#kx|DyWei.bJeYe9LScWF%3z J 0AX^qST3&Ibo~4Gcu\_QS[­Zį[#rd! `,%7vEaj`8(ĒI O@FpxIYL˃3^B=Jsf41%!q>ƘKjt VSՒRR,w%[dLox?B鞐ք1x*B 'UٜAGu <DZ!դFK 'ZkAo?PQŠx!Ve ubs !dSGI/LiXo>H'*t}jh TִJd i_TϡVR*jZ?V;/!_הV/!0:r` k"5NXie`=Xmy9yJE+ ݷIt=v m5)d Hw@֌^d}TK[RJH`o2gٟg"CXa>:(-`̷UKphY\襃ڕvcz "X_8:uU{{i ~Hkk:8iәHۡ$Z[dн^((=g&`yZܾ\`a䬼2Yqc[QZJYb0 "oHS)q<>3KSǠ=jX:N#Re#Qi^_fFܞUk2**1Xtֿᷚ|Ɉֲs%-vl"4F| ESN(o@p8NљH|dUk{VyOb?{riـjEl~%:tdF6ɝ>&&sُp+3'&ΐ!,E|E|z['AU}>l1Fhb#&HB0\';4ꞓM3taȈxt稯-d=7:}GLW#a=<=w MM <8uE)dgTy"?.clк|ŧtS!F|1[GB(W9$#-hϷFse_WJ)Iݽa?ÈGs{SZ"OaZ1ш@Q>~3&'N;%"&Lmahnon#BLkR_͈)i1lC1+^G>WLQXj*!b3wاX,?@1JBN+Djc/A "PF: 1C~jJ͍$u~6'pxUg- .E.[qw6+נ5T?0 1YGw`C[5EY|obL<`A~JBj@̐0(OIJ uXZFB(s fNHo u7@F`p3W VjMDO"ӡRs]j%u_<AuLTq)UH+^@0Q3:%⍵{$$ ͈u0՝!Xf39]9tHQ{5.Qw'}ZGݪ;Ge{9(4O,<߲s}e)|Q)X7OGYFuavʜP:ͅfUԦF(hq`1D'M&7bS9HShF&5+:v<)))-VNy{9mAS~ O>'99#\_~-4Ϻ˻B)useN9_/Py}9?ρ]"g|./E|E}/>9/r ϋD)?Ar/"2g|/A~.s2gz^N{z9_?r ޿y:?>7??}OP)'ߧ@M^9M@79_zy[9rֺ…۩QNy*P/nr ث:WKs9^}NAF&ݫ^;]a芫-5nk ǤZuvņ^_BKHe^ٛLGP/<,Y}Mʱ 4rk 7[yDYII{2}tEi>r𞫫i@Lwe<_[nNJ>K\ȜHWɴ&Vی xI FUD4k{HO9/>e)cAz[<G4q* =PW].6tżyxL|uӚ޴ܠv<2kݫ++#BAfп~%kS$N^كo ҹlZЙ%Æ>ga#f^*gB8D#0<1Sx ;wMm="t5HÅLH|3q 94l cGGRiejRߑJ0lFGDP1|ˈɪ"+uW9 8]V*r `" *s>P`24UF` Ԋz!OJ1=4`­tK_cwp EЧ /v̆H˘Q͛YH~æJጽNѯDʑ $1` HLBOsgq=q] XI ,<ZA0bl{IW1hӐC Fؒ%Dİ-#G1N>@fL"Z#wJY&5$M!Z7cAqߡ=G'B?9 [ P`t{^ K'Dr&ߢjF T*A[`"fx,c.CQE?q Z<6Trޅw ${@HN, ^DB3s{̪ydaw./ ]@N]oB3S<pӰb2 ?Lw}n`->X v;i;+vma5~`c5Z*[|6SbZ$9dƠֽT#Zc7Xn΀`Pn=,6"f'_t=/k@P~< - ?}6d7[20tgG|םHZqwfh/T RO^!NE:җF޶ëʤ !d b2O|e'0OqcVf⛝M̮+fAj r,[~QCF&'tσxvr.iG&lM[0FK`b?94Ǟ#N >},.I5sEEבE,&J ZsJdB2,'KY܇Д2^XSVT#cE ^1PzSA۽"}מ X?7 6LG1 (OP"cq}$!3FqxK4޳.Dݮ)~xM}F垓-s} 1#qyU YT8R"?}nz.J%6*نxC*Hq&x DeHCgrT~gF}*P=gZP= v"4%Y {ioF}c_V`ńK:F1d7D./&PɕX)Isŧ|om7|BoilyNqI0 n93T:9Am'{';*lٹ ˜1J1Д8ٶ2#OA3r Oe[ O"OCZ24a (fzc< 9znG}L޴_ަJu A]?_vs[>/৲_`UY<鞎FGd M(IS`cQ߇Fu: /AKl2qk[ !ˍ KmӬ1s¥"UXHNRX,8.3 klmwQ .91^"M:5yBt] E hymӕx9" B#VbmR>ǔK ]'[٧3й?-R/e[͌m_X ( L|9N]]PjãÍ'XƸ[[) Iy>p;Щ0T\NX%e܌uF.DmhT4X %*l+S7 /߶S7qݼg¶"yX]A4'X3'5ȱ ya1 g{y瞲{~k#'>fgajl,eH}+qd.'DI Ik.-wvua4,Lb9"[^'QI 8VRжX3e"@a)5zdɄn~3 f<˜4W6QĶqytʵ-˱=S'>U7vlw6k+ȀHY;D5Ra&(/z0~ ǯ*g:~0>~0/rX>e5rä޷`=`Z^}]x O0YdWPRэX -f1%IDb$8ґCA؞Bʄ>e3#7Dn0BrO d[Hօuv\j/cY4~1<99.@OI"cXM1}a`|L2<'\B/0,J!6xŠKNš|Ct'Nʓ@:i]t?J{`ggɳ~NTvQK=