Are there any tools to perform a security analysis against .NET desktop assemblies and executables? I used FxCop and Gendarme but I think they are not sufficient.
2k views Asked by Ahmed_A At
There is 1 answer
There are a whole bunch of tools that could be used for security scanning your application. These include:
CAT .NET and Veracode act directly on the binaries. The others parse the code as far as I can tell.
Here's an introductory short movie about CAT .NET. To run it from the command line, you can call the executable from:
The syntax is as follows:
Note that CAT .NET features a limited set of rules. It should be used in conjunction with CodeAnalysis (FxCop), and though it will find additional issues, it is by far not as complete as some of the other tools in the list.