Click here to Skip to main content
15,867,568 members
Please Sign up or sign in to vote.
2.50/5 (2 votes)
See more:
Hello all,

My boss is looking for a penetration testing tool for our .Net 4.0 Click-Once applications. They are used to using a tool for websites, I think it is by IBM. In any case, I am not really aware of doing that kind of testing on .net applications. I think FXCop might be a viable tool, but it seems like they are more after a scripted security test that can attempt logins and so on.

Any ideas? I'm not even sure what to google for.

Thanks!


EDIT -

OK, let me rephrase the question. "Have you ever actually used a penetration testing tool for .Net applications (NOT WEBSITES). If so, what is it and would you recommend it?"
Posted
Updated 3-Jan-13 14:13pm
v2

1 solution

FxCopy has nothing to do with any kind of testing, not in the sense you are talking about. FxCopy only helps to improve code quality without any direct concern of its functionality. For example, it helps to find unused references, excessive use of non-static (instance) methods, other performance flaws, even the violations of naming conventions. Put it in this way: it your fully take into account all the flaws detected by FxCop, the functionality of the code will remain exactly the same. Do you see now that it is totally unrelated to what you want?

You have been confused. For final unconfusion, please read about penetration testing: http://en.wikipedia.org/wiki/Penetration_test[^].

So, what to Google for? Captain Obvious tells you: for "penetration test" or "testing". This is the most narrow query I could come up with: http://bit.ly/XnqVqL[^].

Still, over 20 millions search results; and those I can see are quite relevant. Enough? :-)

[EDIT]

And no, this topic is totally unrelated to the notion "Click Once". You should not link one to another, otherwise it will lead you nowhere. Look for some penetration test and other test facilities and make sure they are suitable for .NET, your application-specific settings, requirements and testing criteria. And then it will suite your application, regardless of its deployment.

—SA
 
Share this answer
 
v3
Comments
Adam R Harris 3-Jan-13 15:10pm    
Great answer!
my 5
Sergey Alexandrovich Kryukov 3-Jan-13 15:11pm    
Thank you, Adam.
—SA
Adam R Harris 3-Jan-13 15:50pm    
i believe in giving credit where credit is due and you my friend always provide very well worded and in depth explanations and really do elevate the quality of the site. No, i'm not looking for you to do something for me nor am i brown nosing. I just wanted to let you know that your dedication to this site has not gone unnoticed.

Keep up the good work.
Sergey Alexandrovich Kryukov 3-Jan-13 15:54pm    
I hear you. I really appreciate your nice words.
(By the way: "well worded" sounds especially flattering to me, because English is not my native language, and I haven't even use it most of my life...)

Thank you,
—SA
Adam R Harris 3-Jan-13 16:06pm    
lol well you speak better English than me and thats the only language i speak.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900