Project Description
Fxcop ASP.NET security rules
This is a set of code analysis rules aiming at analyzing ASP.NET and ASP.NET MVC security against best practices. The rules can be used by Visual Studio 10 Ultimate or FxCop v10 standalone.
Installation
Simply run the installer and specifiy the rules folder of your FxCop installation.
For Visual Studio it's normally C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Static Analysis Tools\FxCop\Rules
Available Rules
EnableEventValidationShouldBeTrue
Verifies if the EnableEventValidation directive is disabled on a certain page
ValidateRequestShouldBeEnabled
Verifies if the ValidateRequest directive is disabled on a certain page.
ViewStateEncryptionModeShouldBeAlways
Verifies if the ViewStateEncryptionMode directive is not set to Never on a certain page.
EnableViewStateMacShouldBeTrue
Verifies if the EnableViewStateMac directive is not set to false on a certain page.
EnableViewStateShouldBeTrue
Verifies if the EnableViewState directive is not set to false on a certain page.
ViewStateUserKeyShouldBeUsed
Verifies if the Page.ViewStateUserKey is being used in the application to prevent CSRF.
DebugCompilationMustBeDisabled
Verifies that debug compilation is turned off. This eliminates potential performance and security issues related to debug code enabled and additional extensive error messages being returned.
(more..)
Read more: Codeplex
Fxcop ASP.NET security rules
This is a set of code analysis rules aiming at analyzing ASP.NET and ASP.NET MVC security against best practices. The rules can be used by Visual Studio 10 Ultimate or FxCop v10 standalone.
Installation
Simply run the installer and specifiy the rules folder of your FxCop installation.
For Visual Studio it's normally C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Static Analysis Tools\FxCop\Rules
Available Rules
EnableEventValidationShouldBeTrue
Verifies if the EnableEventValidation directive is disabled on a certain page
ValidateRequestShouldBeEnabled
Verifies if the ValidateRequest directive is disabled on a certain page.
ViewStateEncryptionModeShouldBeAlways
Verifies if the ViewStateEncryptionMode directive is not set to Never on a certain page.
EnableViewStateMacShouldBeTrue
Verifies if the EnableViewStateMac directive is not set to false on a certain page.
EnableViewStateShouldBeTrue
Verifies if the EnableViewState directive is not set to false on a certain page.
ViewStateUserKeyShouldBeUsed
Verifies if the Page.ViewStateUserKey is being used in the application to prevent CSRF.
DebugCompilationMustBeDisabled
Verifies that debug compilation is turned off. This eliminates potential performance and security issues related to debug code enabled and additional extensive error messages being returned.
(more..)
Read more: Codeplex