Home/ Questions/Q 86583
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-10T22:16:08+00:00

Anyone have suggestions for security auditing of an .NET Web Application? I’m interested in

  • 0

Anyone have suggestions for security auditing of an .NET Web Application?

I’m interested in all options. I’d like to be able to have something agnostically probe my application for security risks.

EDIT:

To clarify, the system has been designed with security in mind. The environment has been setup with security in mind. I want an independent measure of security, other than – ‘yeah it’s secure’… The cost of having someone audit 1M+ lines of code is probably more expensive than the development. It looks like there really isn’t a good automated/inexpensive approach to this yet. Thanks for your suggestions.

The point of an audit would be to independently verify the security that was implemented by the team.

BTW – there are several automated hack/probe tools to probe applications/web servers, but i’m a bit concerned about whether they are worms or not…

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Best Thing to do:

    • Hiring a security guy for source code analysis
    • Second best thing to do hiring a security guy / pentesting company for black-box analysis

    Following tools will help :

    • Static Analysis Tools Fortify / Ounce Labs – Code Review
    • Consider solutions such as HP WebInspects’s secure object (VS.NET addon)
    • Buying a blackbox application scanner such as Netsparker, Appscan, WebInspect, Hailstorm, Acunetix or free version of Netsparker

    Hiring some security specialist is so much better idea (will cost more though) because they won’t only find injection and technical issues where an automated tool might find, they will also find all logical issues as well.

    • 0