Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: .NET ClickOnce
Hello all,
 
My boss is looking for a penetration testing tool for our .Net 4.0 Click-Once applications. They are used to using a tool for websites, I think it is by IBM. In any case, I am not really aware of doing that kind of testing on .net applications. I think FXCop might be a viable tool, but it seems like they are more after a scripted security test that can attempt logins and so on.
 
Any ideas? I'm not even sure what to google for.
 
Thanks!
 

EDIT -
 
OK, let me rephrase the question. "Have you ever actually used a penetration testing tool for .Net applications (NOT WEBSITES). If so, what is it and would you recommend it?"
Posted 3-Jan-13 5:03am
Edited 3-Jan-13 14:13pm
v2

1 solution

Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

FxCopy has nothing to do with any kind of testing, not in the sense you are talking about. FxCopy only helps to improve code quality without any direct concern of its functionality. For example, it helps to find unused references, excessive use of non-static (instance) methods, other performance flaws, even the violations of naming conventions. Put it in this way: it your fully take into account all the flaws detected by FxCop, the functionality of the code will remain exactly the same. Do you see now that it is totally unrelated to what you want?
 
You have been confused. For final unconfusion, please read about penetration testing: http://en.wikipedia.org/wiki/Penetration_test[^].
 
So, what to Google for? Captain Obvious tells you: for "penetration test" or "testing". This is the most narrow query I could come up with: http://bit.ly/XnqVqL[^].
 
Still, over 20 millions search results; and those I can see are quite relevant. Enough? Smile | :)
 
[EDIT]
 
And no, this topic is totally unrelated to the notion "Click Once". You should not link one to another, otherwise it will lead you nowhere. Look for some penetration test and other test facilities and make sure they are suitable for .NET, your application-specific settings, requirements and testing criteria. And then it will suite your application, regardless of its deployment.
 
—SA
  Permalink  
v3
Comments
Adam R Harris at 3-Jan-13 15:10pm
   
Great answer!
my 5
Sergey Alexandrovich Kryukov at 3-Jan-13 15:11pm
   
Thank you, Adam.
—SA
Adam R Harris at 3-Jan-13 15:50pm
   
i believe in giving credit where credit is due and you my friend always provide very well worded and in depth explanations and really do elevate the quality of the site. No, i'm not looking for you to do something for me nor am i brown nosing. I just wanted to let you know that your dedication to this site has not gone unnoticed.
 
Keep up the good work.
Sergey Alexandrovich Kryukov at 3-Jan-13 15:54pm
   
I hear you. I really appreciate your nice words.
(By the way: "well worded" sounds especially flattering to me, because English is not my native language, and I haven't even use it most of my life...)
 
Thank you,
—SA
Adam R Harris at 3-Jan-13 16:06pm
   
lol well you speak better English than me and thats the only language i speak.
Sergey Alexandrovich Kryukov at 3-Jan-13 16:18pm
   
About "speak", it just cannot be true; I just know that, but thank you anyway. :-)
—SA
Sergey Alexandrovich Kryukov at 3-Jan-13 22:50pm
   
It's funny that OP considered my post rude, probably, in order to demonstrate the sample of politeness, informed me that I sounded like a fool (I removed that last post though...).
—SA
Adam R Harris at 4-Jan-13 12:11pm
   
Doesn't surprise me, you actually expected him to do some reading and investigate what he is trying to accomplish rather than just doing the leg work for him. Where do you get off?
 
That's sarcastic, the guys just an a$$.
Sergey Alexandrovich Kryukov at 4-Jan-13 16:04pm
   
Actually, vast majority of inquirers express the readiness to go ahead and read and learn, even those who did very little of it so far. Many ask to do their work for them, but not so aggressively. But such cases happen from time to time. Basically, a typical problem is the inability to perceive the criticism as necessary and important thing. To me, it's hard to understand. Everyone could see: it someone points out that I do or say something stupid, and that it correctly argumented, I say thank you and improve my work (or I rationally try to prove my point). Not using criticism in this way is simply a sure way to become a... nobody.
 
Thank you,
—SA
Sasha Laurel at 3-Jan-13 20:14pm
   
Actually no. That was not an answer at all, but merely a pedantic raving. What's amazing is that he wasted the time to post at all. And no, I don't see a single relevant entry in the search for an actual tool that will work. If you don't know, then its ok not to post at all.
Sergey Alexandrovich Kryukov at 3-Jan-13 21:24pm
   
Well, Sasha, let me tell you that unfortunately you are wrong all around. That happens.
 
Remember that you, personally, was about to consider FxCop as a test tool. Interesting idea, isn't it? Where would you be then, with such analytical skills? Every would could read you question, so now one can be impressed with your assessments, and, unfortunately, it won't even matter much what you say — to tell you quite frankly.
 
I would strongly advise that you would try to learn something instead, and try to get to essence of things.
And please, do yourself a big favor: take care about spending of your own time, and let others spend or waste their time as they prefer.
 
Anyway, thank you for your interesting opinion.
 
—SA
Sasha Laurel at 3-Jan-13 21:32pm
   
You are misunderstanding, and speaking on it is only making you look a fool. In relation to security FXCop might really help, so in that sense it is a viable tool. Because my question was poorly worded, and you chose not to seek clarification before ranting, I don't see how I can possibly be in the wrong here. Maybe you need to take a break from Q&A, your attitude seems counter-productive.
Adam R Harris at 4-Jan-13 12:14pm
   
Actually yes.
You were headed down the wrong path and he pointed you in the right direction. We aren't here to do the work for you, we are here to help you out. If you don't like the help then that's really more of a Sasha problem then a Sergey/Adam problem.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 OriginalGriff 259
1 Sergey Alexandrovich Kryukov 182
2 Hard_Rockz 153
3 Richard MacCutchan 125
4 Maciej Los 104
0 OriginalGriff 5,374
1 Sergey Alexandrovich Kryukov 4,713
2 Peter Leow 2,944
3 DamithSL 2,465
4 Maciej Los 2,270


Advertise | Privacy | Mobile
Web04 | 2.8.140718.1 | Last Updated 3 Jan 2013
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid