I am looking for a utility that can be used against .NET compilers to test code using best practices and, most importantly, can analyze code for security vulnerabilities, injection and cross-site scripting. I know that this is not an exact science, but I am looking for any experience / recommendations on the best solution that will at least set a basic standard. I know that nothing can compare with an individual review, but I look at a high level.
I did some Fortify research, and still it looks like a good tool, from what I can say it gives a very detailed answer. I know that FXCop is there too, but I donβt know if it goes deep enough.
EDIT One of the attractive things I've found about Fortify, and that would be nice in the tool, is a combination of a security review and a review of the best .NET applications. IE strengthens checks for potential unblocked connections, recommends using usage statements, etc.
Mitchel sellers
source share