Integrated Security ASP.Net: Are you concerned about your ASP.NET application security issues? Compuware’s DevPartners integrated SecurityChecker software will help you to locate security vulnerabilities in your ASP.NET applications. Learn more about using SecurityChecker for improving your ASP .NET code based security.

---

Increasingly, ASP.NET developers are being asked to wear two hats; one as a developer of applications that work in very complex distributed environments, and the other as a security expert who must build security into ASP.NET applications during development.

Not surprisingly, with development time at a premium, security is often shortchanged. Ideally, developers need a tool that automates many tasks related to discovering and resolving security Issues during development—a tool that literally becomes a security expert on the developer’s behalf. Compuware’s DevPartner SecurityChecker is designed to do just that: locate security vulnerabilities in ASP.NET applications, while fitting smoothly into the development process.

ASP.NET and security

Microsoft’s ASP.NET is well on its way to becoming the premier framework for web-based applications. Coupled with Visual Studio .NET, ASP.NET creates a well-architected platform developers can use to quickly erect multi-tier web applications. Applications exposed to the web, however, are also exposed to attack. The ongoing growth of the web guarantees an increase in both the amount of code placed on the Internet and the population of users for that code. IDC forecasts that within five years, the number of Internet users will double, and Internet commerce will increase ten-fold. In most cases, users will access an organization’s web-based applications in absolutely benign and altogether proper ways. But the Internet’s citizenry is not entirely well-mannered. There’s no need to recount the numerous news stories of hacker break-ins to justify this point.

In addition, as applications grow more complicated, the task of safeguarding an application grows more complicated as well. Web of applications that work in very complex distributed environments, and the other as a security expert who must build security into ASP.NET applications during development. Not surprisingly, with development time at a premium, security is often shortchanged. Ideally, developers need a tool that automates many tasks related to discovering and resolving security Issues during development—a tool that literally becomes a security expert on the developer’s behalf. Compuware’s DevPartner SecurityChecker is designed to do just that: locate security vulnerabilities in ASP.NET applications, while fitting smoothly into applications are not monolithic structures; they are assemblages of interoperating, yet unalike, modules that carry out different duties (just as the human body contains dissimilar internal organs—each executing its specific job). Where these modules connect to one another—their seams—can become entrances through which an assailant can launch an attack on the application.

Cast in a different analogy, a web-based application is like a building with many doors and windows. Most are necessary to support the in-and-out flow of information. Some, however, represent openings into areas that hold sensitive information, or into control rooms from which an assailant can launch an attack into a system’s interior.

It has become the application developer’s task to see that only the appropriate doors and windows are unlocked and unlatched, and that only legitimate traffic passes through. There are so many points from which an application can be assaulted, however, that you cannot reasonably expect even the best programmer to examine them all. Nevertheless, it is a fact that developers must undertake most of the work needed to secure an application.

To download pdf version of this paper, click on link below