[Owasp-dotnet] The future of secure code? Fixing/Encoding .NET code in real time (in this case Response.Write)

dinis cruz

Nov 7, 2011, 5:34:52 AM
to owasp-o2...@lists.owasp.org, OWASP .NET
If we really want to help developers to fix their code, we ultimately need to move all the way into their IDEs and actually provide them code-fixes in context!

A while back somebody asked me how to actually perform .NET code changes and patches using O2's .NET Static Analysis engine, and I wrote a little PoC that clearly shows how that can be done (and a preview of what the future looks like).

I just wrote an O2 blog post about it, which you can find here: http://o2platform.wordpress.com/2011/11/07/fixingencoding-net-code-in-real-time-in-this-case-response-write (if you have O2 installed, just run the Fixing Response.Write.h2 script)

I really like this concept, and it is sort of similar to what Spring is doing with Roo (http://www.springsource.org/spring-roo), where the developer's code is automatically refactored in order to meet specific objectives.

Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2