FXCop Checks The Coding Practices Of Your Dot Net Assemblies
By Dan Morrill
Expert Author
Article Date: 2008-05-29
FXCop is one of the very few free tools you can use to check on the coding practices of a dot net assembly.
If your company is building things in dot net, then this is a tool you want to run every single home grown code set through. Additionally though, it can be used to take a look at other folks dot net assemblies to see how well they coded them, and see if you want to use them.
This video covers the reverse engineering and security check of a web 2.0 dot net assembly for YouTube that was pulled randomly off the internet, and the results were surprising.
As companies start to do a wider adoption of Web 2.0 components that they have used off the internet, your developers or security team should be using FXCop to check each of those API's that are being used to make sure that they follow secure coding practices, and that the API does not introduce vulnerabilities in your web 2.0 application.
Comments About the Author: Dan Morrill runs Techwag, a site all about his views on social media, education, technology, and some of the more interesting things that happen on the internet. He works at CityU of Seattle as the Program Director for the Computer Science, Information Systems and Information Security educational programs.
