.Net应用程序的渗透测试？ [英] Penetration testing for .Net applications?

问题描述

大家好，



我的老板正在为我们的.Net 4.0 Click-Once应用程序寻找渗透测试工具。他们习惯使用网站工具，我认为是IBM的。在任何情况下，我都不知道在.net应用程序上进行这种测试。我认为FXCop可能是一个可行的工具，但看起来它们更像是一个可以尝试登录的脚本安全测试等等。



任何想法？我甚至不确定谷歌的用途。



谢谢！





编辑 -



好​​的，让我重新解释一下这个问题。 你有没有真正使用.Net应用程序（不是网站）的渗透测试工具。如果是这样，它是什么，你会推荐它吗？

Hello all,

My boss is looking for a penetration testing tool for our .Net 4.0 Click-Once applications. They are used to using a tool for websites, I think it is by IBM. In any case, I am not really aware of doing that kind of testing on .net applications. I think FXCop might be a viable tool, but it seems like they are more after a scripted security test that can attempt logins and so on.

Any ideas? I''m not even sure what to google for.

Thanks!


EDIT -

OK, let me rephrase the question. "Have you ever actually used a penetration testing tool for .Net applications (NOT WEBSITES). If so, what is it and would you recommend it?"

推荐答案

FxCopy与任何类型的测试无关，而不是你所谈论的意义。 FxCopy仅有助于提高代码质量，而无需直接关注其功能。例如，它有助于查找未使用的引用，过度使用非静态（实例）方法，其他性能缺陷，甚至违反命名约定。换句话说：它充分考虑了FxCop检测到的所有缺陷，代码的功能将保持完全相同。你现在看到它与你想要的完全无关吗？



你很困惑。如果最终没有意外，请阅读渗透测试： http://en.wikipedia.org/wiki/Penetration_test [ ^ ]。



那么，Google会为您做什么？ Obvious船长告诉你：渗透测试或测试。这是我能提出的最狭隘的查询： http://bit.ly/XnqVqL [ ^ ]。



仍有超过2000万的搜索结果;我能看到的是非常相关的。足够？ :-)







不，这个话题与这个概念完全无关点击一次。你不应该把它们链接到另一个，否则它将导致你无处可去。寻找一些渗透测试和其他测试工具，并确保它们适用于.NET，特定于应用程序的设置，要求和测试标准。然后它将适用于您的应用程序，无论其部署如何。

-SA

FxCopy has nothing to do with any kind of testing, not in the sense you are talking about. FxCopy only helps to improve code quality without any direct concern of its functionality. For example, it helps to find unused references, excessive use of non-static (instance) methods, other performance flaws, even the violations of naming conventions. Put it in this way: it your fully take into account all the flaws detected by FxCop, the functionality of the code will remain exactly the same. Do you see now that it is totally unrelated to what you want?

You have been confused. For final unconfusion, please read about penetration testing: http://en.wikipedia.org/wiki/Penetration_test[^].

So, what to Google for? Captain Obvious tells you: for "penetration test" or "testing". This is the most narrow query I could come up with: http://bit.ly/XnqVqL[^].

Still, over 20 millions search results; and those I can see are quite relevant. Enough? :-)



And no, this topic is totally unrelated to the notion "Click Once". You should not link one to another, otherwise it will lead you nowhere. Look for some penetration test and other test facilities and make sure they are suitable for .NET, your application-specific settings, requirements and testing criteria. And then it will suite your application, regardless of its deployment.

—SA

这篇关于.Net应用程序的渗透测试？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！