How does Integrity Analysis work?





This article refers to all versions of Security Checker.

Integrity analysis replays a series of known security attacks against the ASP.NET application. Each field, link, and page is tested for known problems such as Cross-Site Scripting, SQL Injection, Buffer Overflows, Parameter Tampering, and similar issues. The SecurityChecker software also analyzes the data returned by the application, looking for incorrect error handling, information leaks, diagnostic messages inadvertently left in the application, insecure comments, and many other vulnerabilities.
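The second half of that paragraph, the analysis of what the application sends back, is the part a developer can reproduce in a code review or a test suite without any attack traffic at all. The following is an added illustration and is not SecurityChecker's own code or signature set: it inspects an HTTP response (status, headers, body) for the classes of problem the article lists, namely verbose ASP.NET diagnostic pages, comments that should not ship, version-leaking headers, and an error page served with a success status. The marker strings, the sensitive-comment keywords, and the three sample responses are constructed for this example.

```python
import re
from html.parser import HTMLParser

# Strings typically present on an unhandled ASP.NET error page
# (assumption: illustrative markers, not a vendor signature list).
DIAGNOSTIC_MARKERS = (
    "Server Error in '/' Application",
    "Source Error:",
    "Stack Trace:",
    "[SqlException",
    "System.Data.SqlClient",
)

# Words that, inside an HTML comment, usually mean the comment was
# left in by mistake (assumption: illustrative keyword list).
SENSITIVE_COMMENT_WORDS = ("password", "todo", "debug", "connectionstring", "admin")

# Headers that disclose server or framework versions to any client.
VERSION_HEADERS = ("Server", "X-Powered-By", "X-AspNet-Version")


class _CommentCollector(HTMLParser):
    """Collects every <!-- ... --> comment found in an HTML body."""

    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data.strip())


def analyze_response(status, headers, body):
    """Return a list of (category, detail) findings for one HTTP response."""
    findings = []

    # 1. Diagnostic output: stack traces, source excerpts, exception names.
    hit_markers = [m for m in DIAGNOSTIC_MARKERS if m in body]
    for m in hit_markers:
        findings.append(("diagnostic-message", m))

    # 2. Insecure comments: developer notes containing sensitive keywords.
    collector = _CommentCollector()
    collector.feed(body)
    for comment in collector.comments:
        if any(w in comment.lower() for w in SENSITIVE_COMMENT_WORDS):
            findings.append(("insecure-comment", comment))

    # 3. Information leaks in headers: product and version strings.
    for h in VERSION_HEADERS:
        value = headers.get(h)
        if value and re.search(r"\d", value):
            findings.append(("header-leak", f"{h}: {value}"))

    # 4. Incorrect error handling: an error page returned with HTTP 200,
    #    which hides the failure from monitoring and from the client.
    if status == 200 and hit_markers:
        findings.append(("error-handling", "error page returned with HTTP 200"))

    return findings


# Constructed sample responses (status, headers, body) for the checks above.
SAMPLE_VERBOSE = (
    500,
    {"Server": "Microsoft-IIS/6.0", "X-AspNet-Version": "2.0.50727"},
    "<html><body>\n"
    "<h1>Server Error in '/' Application.</h1>\n"
    "<!-- TODO: remove debug output before release -->\n"
    "<b>Source Error:</b><pre>Line 42: cmd.ExecuteReader()</pre>\n"
    "<b>Stack Trace:</b><pre>[SqlException (0x80131904): Incorrect syntax near '''.]\n"
    "   System.Data.SqlClient.SqlConnection.OnError(...)</pre>\n"
    "</body></html>",
)

SAMPLE_CLEAN = (
    200,
    {},
    "<html><body><h1>Welcome</h1><!-- main content --></body></html>",
)

SAMPLE_MASKED = (
    200,
    {},
    "<html><body><h1>Server Error in '/' Application.</h1>"
    "<p>Something went wrong.</p></body></html>",
)


if __name__ == "__main__":
    for name, sample in (("verbose", SAMPLE_VERBOSE), ("clean", SAMPLE_CLEAN), ("masked", SAMPLE_MASKED)):
        print(name)
        for category, detail in analyze_response(*sample):
            print(f"  {category}: {detail}")
```

The same function can be pointed at a recorded session of your own application (for example, the responses captured while walking the discovery map) to confirm that `customErrors` is on, that build-time comments are stripped, and that no error page is returned with a 200 status before you run the full analysis.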

Caution: If your application will interact with a database during a SecurityChecker analysis session, create a reset script to return the database to its original state. Run this script before or immediately after an analysis session. Or, run SecurityChecker against a copy of your application.

During the analysis phase of a SecurityChecker session, SecurityChecker follows the map created in the discovery phase, repeating all of the mapped actions. If these mapped actions add, modify, or delete records, your database will be changed. This behavior is normal for a product like SecurityChecker.

This information can also be found in the "Understanding DevPartner SecurityChecker" guide.

Old KB# 11346