[Owasp-dotnet] The future of secure code? Fixing/Encoding .NET code in real time (in this case Response.Write)

dinis cruz dinis.cruz at owasp.org
Mon Nov 7 05:34:52 EST 2011


If we really want to help developers to fix their code, we ultimately need
to move all the way into their IDEs and actually provide them code-fixes in
context!

A while back somebody asked me how to actually perform .NET code changes
and patches using O2's .NET Static Analysis engine, and I wrote a little
PoC that clearly shows how that can be done (and a preview of what the
future looks like).

I just wrote an O2 blog post about it which you can find here:
http://o2platform.wordpress.com/2011/11/07/fixingencoding-net-code-in-real-time-in-this-case-response-write
(if you have O2 installed just run the *Fixing Response.Write.h2* script)

I really like this concept and it is sort of similar to what Spring is
doing with Roo (http://www.springsource.org/spring-roo) where the
developer's code is automatically refactored in order to
meet specific objectives.

Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2