CodeScan

Now you can build security in to your ASP.NET C# projects from the first line of code you write – Introducing CodeScan for Visual Studio, a tool which fully integrates into your development environment and lifecycle. With support for Visual Studio 2005, 2008 and 2010 – and full integration into the IDE – CodeScan will assist you in identifying and mitigating potential vulnerabilities in your projects.

Most attacks against web infrastructure and applications take advantage of weaknesses that are overlooked in the development of the application, and remain at the source code level. By addressing “Security at the Source”™, security can be developed, measured and managed into applications, rather than addressed after the fact.

CodeScan Visual Studio will locate, examine, report, and help fix your security holes and source code issues.

CodeScan Visual Studio currently supports examination of Microsoft® ASP.NET C#.
Other languages will be addressed shortly.

Development Benefits:
Find and correct vulnerabilities at their source. Early discovery and remediation of source code security vulnerabilities reduces the overall cost of your application development, improving the application’s return on investment and overall organisational security. This ties in with the Microsoft Security Development Lifecyle (SDL)

Audit and Compliance:
Use with your in-house or independently developed source code to help with your compliance requirements, and to control security within development.

CodeScan Visual Studio provides advanced reporting against Industry compliance standards, including ASVS, CWE, and OWASP.

Accurate Vulnerability Discovery
Accurately locate, identify, and report your weaknesses down to the specific line of code introducing the vulnerability. Test for a wide range of issues, including

• Common implementation and
development issues
• Cross Site Scripting
• SQL Injection
• User input filtering