Are there any tools to perform a security analysis against .net desktop assemblies and excutables? [closed]

Question

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

---

Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.

Closed 8 years ago.

Improve this question

Are there any tools to perform a security analysis against .net desktop assemblies and excutables? I used FXCOP and Gendarme but i think they are not sufficient.

Answer 1

There are a whole bunch of tools that could be used for security scanning your application. These include:

• HP Fortify
• Microsoft CAT .NET
• VeraCode Code Security
• Resharper & Resharper CLI
• Coverity Security Analyzer

CAT .NET and Veracode act directly on the binaries. the others parse the code as far as I can tell.

Here's an introductory short movie about CAT .NET. To run it from the commandline, you can call the executable from:

C:\Program Files (x86)\Microsoft\CAT.NET

The syntax is as follows:

catnetcmd.exe /file:wildcardexpression /search:pathtodependencies

Note that CAT .NET features a limited set of rules It should be used in conjuction with CodeAnalysis (FxCop) and though it will find additional issues it is by far not as complete as some of the other tools in the list.