Improving Web Application Security: Threats and Countermeasures

A good way to start the review process is to run your compiled assemblies through the FxCop analysis tool. The tool analyzes binary assemblies (not source code) to ensure that they conform to the .NET Framework Design Guidelines, available on MSDN. It also checks that your assemblies have strong names , which provide tamperproofing and other security benefits. The tool comes with a predefined set of rules, although you can customize and extend them.

For more information, see the following resources:

• To download the FxCop tool, see http://www.gotdotnet.com/team/libraries/default.aspx .

• To get help and support for the tool, see http://www.gotdotnet.com/community/messageboard/MessageBoard.aspx?ID=234 .

• For the list of security rules that FxCop checks for, see http://www.gotdotnet.com/team/libraries/FxCopRules/SecurityRules.aspx .

• For the .NET Framework Design Guidelines, see http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/cpconnetframeworkdesignguidelines.asp .