Click here to Skip to main content
13,198,727 members (47,545 online)
Rate this:
Please Sign up or sign in to vote.
See more:
Hello all,

My boss is looking for a penetration testing tool for our .Net 4.0 Click-Once applications. They are used to using a tool for websites, I think it is by IBM. In any case, I am not really aware of doing that kind of testing on .net applications. I think FXCop might be a viable tool, but it seems like they are more after a scripted security test that can attempt logins and so on.

Any ideas? I'm not even sure what to google for.



OK, let me rephrase the question. "Have you ever actually used a penetration testing tool for .Net applications (NOT WEBSITES). If so, what is it and would you recommend it?"
Posted 3-Jan-13 5:03am
Updated 3-Jan-13 14:13pm

1 solution

Rate this: bad
Please Sign up or sign in to vote.

Solution 1

FxCopy has nothing to do with any kind of testing, not in the sense you are talking about. FxCopy only helps to improve code quality without any direct concern of its functionality. For example, it helps to find unused references, excessive use of non-static (instance) methods, other performance flaws, even the violations of naming conventions. Put it in this way: it your fully take into account all the flaws detected by FxCop, the functionality of the code will remain exactly the same. Do you see now that it is totally unrelated to what you want?

You have been confused. For final unconfusion, please read about penetration testing:[^].

So, what to Google for? Captain Obvious tells you: for "penetration test" or "testing". This is the most narrow query I could come up with:[^].

Still, over 20 millions search results; and those I can see are quite relevant. Enough? :-)


And no, this topic is totally unrelated to the notion "Click Once". You should not link one to another, otherwise it will lead you nowhere. Look for some penetration test and other test facilities and make sure they are suitable for .NET, your application-specific settings, requirements and testing criteria. And then it will suite your application, regardless of its deployment.

Adam R Harris 3-Jan-13 15:10pm
Great answer!
my 5
Thank you, Adam.
Adam R Harris 3-Jan-13 15:50pm
i believe in giving credit where credit is due and you my friend always provide very well worded and in depth explanations and really do elevate the quality of the site. No, i'm not looking for you to do something for me nor am i brown nosing. I just wanted to let you know that your dedication to this site has not gone unnoticed.

Keep up the good work.
I hear you. I really appreciate your nice words.
(By the way: "well worded" sounds especially flattering to me, because English is not my native language, and I haven't even use it most of my life...)

Thank you,
Adam R Harris 3-Jan-13 16:06pm
lol well you speak better English than me and thats the only language i speak.
About "speak", it just cannot be true; I just know that, but thank you anyway. :-)
Sasha Laurel 3-Jan-13 20:14pm
Actually no. That was not an answer at all, but merely a pedantic raving. What's amazing is that he wasted the time to post at all. And no, I don't see a single relevant entry in the search for an actual tool that will work. If you don't know, then its ok not to post at all.
Well, Sasha, let me tell you that unfortunately you are wrong all around. That happens.

Remember that you, personally, was about to consider FxCop as a test tool. Interesting idea, isn't it? Where would you be then, with such analytical skills? Every would could read you question, so now one can be impressed with your assessments, and, unfortunately, it won't even matter much what you say — to tell you quite frankly.

I would strongly advise that you would try to learn something instead, and try to get to essence of things.
And please, do yourself a big favor: take care about spending of your own time, and let others spend or waste their time as they prefer.

Anyway, thank you for your interesting opinion.

Sasha Laurel 3-Jan-13 21:32pm
You are misunderstanding, and speaking on it is only making you look a fool. In relation to security FXCop might really help, so in that sense it is a viable tool. Because my question was poorly worded, and you chose not to seek clarification before ranting, I don't see how I can possibly be in the wrong here. Maybe you need to take a break from Q&A, your attitude seems counter-productive.
It's funny that OP considered my post rude, probably, in order to demonstrate the sample of politeness, informed me that I sounded like a fool (I removed that last post though...).
Adam R Harris 4-Jan-13 12:11pm
Doesn't surprise me, you actually expected him to do some reading and investigate what he is trying to accomplish rather than just doing the leg work for him. Where do you get off?

That's sarcastic, the guys just an a$$.
Adam R Harris 4-Jan-13 12:14pm
Actually yes.
You were headed down the wrong path and he pointed you in the right direction. We aren't here to do the work for you, we are here to help you out. If you don't like the help then that's really more of a Sasha problem then a Sergey/Adam problem.
Actually, vast majority of inquirers express the readiness to go ahead and read and learn, even those who did very little of it so far. Many ask to do their work for them, but not so aggressively. But such cases happen from time to time. Basically, a typical problem is the inability to perceive the criticism as necessary and important thing. To me, it's hard to understand. Everyone could see: it someone points out that I do or say something stupid, and that it correctly argumented, I say thank you and improve my work (or I rationally try to prove my point). Not using criticism in this way is simply a sure way to become a... nobody.

Thank you,

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise | Privacy |
Web03 | 2.8.171020.1 | Last Updated 3 Jan 2013
Copyright © CodeProject, 1999-2017
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100