
Security Tools for Software Development: FxCop 10.0. David Angulo Rubio.


1 Security Tools for Software Development: FxCop 10.0 (David Angulo Rubio)

2 Overview
- Security Development Life Cycle tool
- What is FxCop
- Why use FxCop
- Code analysis
- Rules checked by FxCop
- Sample rule
- Possibilities
- Using FxCop
- Conclusion

3 The Security Development Lifecycle (SDL) and FxCop
- Security best practices at Microsoft
- Provides guidance within established development processes:
  - Design considerations
  - Creating effective security plans
  - Leveraging tools across the development cycle
- Better than simply hunting for bugs
- SDL phases: Requirements, Design, Implementation, Verification, Release, Response

4 FxCop
- Began as an internal Microsoft solution
- Enforces adherence to the .NET Framework Design Guidelines
- Available free: http://www.microsoft.com/download/en/details.aspx?id=6544
- Uses "introspection": faster analysis, multi-threaded analysis
- Contains over 200 rules
- Ability to create custom rules

5 FxCop
- A static code analysis tool that examines managed assemblies for design and code correctness issues
- Console and graphical applications that manage:
  - Targets (items for analysis)
  - Rules (checks to execute)
  - Messages (feedback from rules)
- A general infrastructure for writing checks against managed code

6 Why Use FxCop
Do you:
- Have well-defined coding standards, but no way of enforcing those standards?
- Spend much time writing code, but even more time editing code?
- Want your applications to run smoothly, but always seem to be held back by errors?
Then... FxCop is for you!

7 Code Analysis
Unlike traditional analysis tools (such as Lint for C), FxCop does not analyze source code. Instead, it analyzes the binary Common Intermediate Language (CIL) generated by the .NET compilers and persisted in .NET assemblies (EXE and DLL files). Analysis is enabled by the rich metadata that is part of the CIL. By analyzing assemblies directly, FxCop avoids being tied to any particular programming language: it works without modification against C#, VB.NET, and potentially any other .NET language.

8 Rules
The tool is designed to check .NET code for violations of a wide range of programming rules and conventions. The rules included with FxCop draw heavily upon Microsoft's Framework Design Guidelines. The rule categories checked by FxCop include: Design, Globalization, Interoperability, Mobility, Naming, Performance, Portability, Security, Usage.

9 Sample Metadata XML

10 Possibilities
- Ensure that the names of controls on forms and web pages follow your naming conventions.
- Check that your preferred controls, components, and classes are used instead of alternatives.
- Inspect literal argument values being passed to your methods.
- Examine control structures, such as conditions and loops, to evaluate code metrics.
- Determine the callers and callees of methods.
- Spell-check text elements such as identifiers, literals, and resource strings.
- Verify that elements are properly documented with XML documentation comments.
- Build standalone tools that take advantage of FxCop code analysis APIs.
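The slides mention custom rules, rule metadata XML, and the introspection engine without showing one. The following is an added example, not code from the presentation or from Microsoft: a minimal custom rule against Microsoft.FxCop.Sdk.dll that reports externally visible fields that are neither readonly nor const (shared mutable state any caller can rewrite), together with the metadata XML FxCop needs to load it. The class name, resource name "MyRules.Rules" and CheckId "MR0001" are assumptions.

```csharp
// Added example, not from the slides. Assumed: class name, resource name
// "MyRules.Rules" and CheckId "MR0001". Build as a class library against
// Microsoft.FxCop.Sdk.dll, embed Rules.xml, then load it in FxCop via Add Rules.
using Microsoft.FxCop.Sdk;

namespace MyRules
{
    public sealed class AvoidVisibleMutableFields : BaseIntrospectionRule
    {
        public AvoidVisibleMutableFields()
            // First argument must equal the TypeName in Rules.xml; second is the
            // embedded resource name (default namespace + file name without .xml).
            : base("AvoidVisibleMutableFields", "MyRules.Rules",
                   typeof(AvoidVisibleMutableFields).Assembly)
        {
        }

        // Restrict the rule to members visible outside their assembly.
        public override TargetVisibilities TargetVisibility
        {
            get { return TargetVisibilities.ExternallyVisible; }
        }

        // FxCop invokes Check once for each member of each target assembly.
        public override ProblemCollection Check(Member member)
        {
            Field field = member as Field;
            if (field == null)
                return null; // not a field: nothing to report

            // Neither readonly nor const: any caller can rewrite shared state.
            if (!field.IsInitOnly && !field.IsLiteral)
                Problems.Add(new Problem(GetResolution(field.Name.Name), field));

            return Problems;
        }
    }
}
/* Rules.xml (embedded resource, default namespace "MyRules"):
<Rules FriendlyName="My Rules">
  <Rule TypeName="AvoidVisibleMutableFields" Category="MyRules.Design" CheckId="MR0001">
    <Name>Avoid externally visible mutable fields</Name>
    <Description>Fields that are neither readonly nor const can be changed by any caller.</Description>
    <Resolution>Make field '{0}' readonly or expose it through a property.</Resolution>
    <MessageLevel Certainty="95">Warning</MessageLevel>
    <FixCategories>Breaking</FixCategories>
    <Url /><Email /><Owner />
  </Rule>
</Rules> */
```

The {0} placeholder in the Resolution element is filled by the argument passed to GetResolution, so each message names the offending field.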

11 Using FxCop
Recall that FxCop checks compiled assemblies. Before running FxCop, you need to compile the program that you want to check.

12 Summary
- FxCop is a free static code analysis tool from Microsoft that checks .NET managed code assemblies for conformance to Microsoft's .NET Framework Design Guidelines.
- FxCop analyzes the compiled object code, not the original source code.
- FxCop includes both GUI and command-line versions of the tool.
- FxCop ensures that the specified rules are followed in the source code.

