Security Tools for .NET Development

October 13, 2009

Security is a programmer's responsibility. Your project manager or client is not going to ask for security, but it is a basic implied requirement for any software project. A good place to start is to look at the top ten common vulnerabilities. Think about how many of these might affect your current project. Odds are that if you have not consciously thought about security, your application is vulnerable.

Since I recently started writing a lot more .NET-based applications, I have come across two useful tools for assisting in providing application security. Even if you are careful to validate all application inputs, it is still useful to validate your work using these tools.

Anti-XSS - a library that can help sanitize inputs to help protect against cross-site scripting attacks.

CAT.NET - a Visual Studio plugin that performs code analysis to help identify cross-site scripting and SQL injection vulnerabilities.

It is a good idea to set up security scans as part of your project build steps with a continuous integration server.