Security Tools for Software Development: FxCop 10.0. David Angulo Rubio.


Overview
Security Development Life Cycle tool
What is FxCop
Why use FxCop
Code analysis
Rules checked by FxCop
Sample rule
Possibilities
Using FxCop
Conclusion

The Security Development Lifecycle (SDL) and FxCop
Security best practices at Microsoft
Provides guidance within established development processes:
Design considerations
Creating effective security plans
Leveraging tools across the development cycle
Better than simply hunting for bugs
SDL phases: Requirements, Design, Implementation, Verification, Release, Response

FxCop
Began as an internal Microsoft solution
Enforces adherence to the .NET Framework Design Guidelines
Available free
Uses "introspection": faster analysis, multi-threaded analysis
Contains over 200 rules
Ability to create custom rules

FxCop
A static code analysis tool that examines managed assemblies for design and code correctness issues
Console and graphical applications that manage:
Targets (items for analysis)
Rules (checks to execute)
Messages (feedback from rules)
A general infrastructure for writing checks against managed code

Why Use FxCop
Do you:
Have well-defined coding standards, but no way of enforcing those standards?
Spend much time writing code, but even more time editing code?
Want your applications to run smoothly, but always seem to be held back by errors?
Then FxCop is for you!

Code Analysis
Unlike traditional analysis tools (Lint for C), FxCop does not analyze source code. Instead, it analyzes the binary Common Intermediate Language (CIL) generated by the .NET compilers and persisted in .NET assemblies (EXE and DLL files). Analysis is enabled by the rich metadata that is part of the CIL. By analyzing assemblies directly, FxCop avoids being tied to any particular programming language: it works without modification against C#, VB.NET, and potentially any other .NET language.

Rules
The tool is designed to check .NET code for violations of a wide range of programming rules and conventions. The rules included with FxCop draw heavily upon Microsoft's Framework Design Guidelines. The rule categories checked by FxCop are: Design, Globalization, Interoperability, Mobility, Naming, Performance, Portability, Security, Usage.
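As an added illustration of the Security category (this code is not from the slides), the pair below shows a query that FxCop's rule CA2100, "Review SQL queries for security vulnerabilities", reports because the command text is assembled from a method argument, next to the parameterized form it accepts. The class and method names are hypothetical; the point is that FxCop finds this in the compiled assembly without seeing the source.

```csharp
using System.Data;
using System.Data.SqlClient;

// Hypothetical lookup class used to show what CA2100 reports and what it accepts.
public static class CustomerLookup
{
    // Reported by CA2100: the statement is built by concatenating the "name"
    // argument, so untrusted input can change the structure of the SQL sent
    // to the server (a SQL injection risk). Kept here only as the "before".
    public static int CountByNameUnsafe(SqlConnection connection, string name)
    {
        string sql = "SELECT COUNT(*) FROM Customers WHERE Name = '" + name + "'";
        using (var command = new SqlCommand(sql, connection))
        {
            return (int)command.ExecuteScalar();
        }
    }

    // Not reported: the statement is a constant and the input travels as a
    // typed parameter, so it is always treated as data, never as SQL.
    public static int CountByName(SqlConnection connection, string name)
    {
        const string sql = "SELECT COUNT(*) FROM Customers WHERE Name = @name";
        using (var command = new SqlCommand(sql, connection))
        {
            command.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = name;
            return (int)command.ExecuteScalar();
        }
    }
}
```

Compile the assembly first (FxCop only reads CIL), then run the Security rules against it; the first method appears in the message list, the second does not.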

Sample Metadata XML

Possibilities
Ensure that the names of controls on forms and web pages follow your naming conventions.
Check that your preferred controls, components, and classes are used instead of alternatives.
Inspect literal argument values being passed to your methods.
Examine control structures, such as conditions and loops, to evaluate code metrics.
Determine the callers and callees of methods.
Spell-check text elements such as identifiers, literals, and resource strings.
Verify that elements are properly documented with XML documentation comments.
Build standalone tools that take advantage of the FxCop code analysis APIs.

Using FxCop
Recall that FxCop checks compiled assemblies. Prior to running FxCop, you need to compile the program that you want to check.

Summary
FxCop is a free static code analysis tool from Microsoft that checks .NET managed code assemblies for conformance to Microsoft's .NET Framework Design Guidelines.
FxCop analyzes the compiled object code, not the original source code.
FxCop includes both GUI and command line versions of the tool.
FxCop verifies that the code conforms to the rules selected for the analysis.