Security Code Review – Use Visual Studio Bookmarks To Capture Security Findings

How do you streamline the capture of security flaws during a security code review? How do you save time, avoid switching between tools, and stay focused?

In this post I will show my simple technique to capture security flaws using Bookmarks in Visual Studio.

Create bookmark folders. Press Ctrl+K, Ctrl+W to open the Bookmarks window. Create 10 folders, one per category of the security frame:


Focus on one category. Take the security checklist document you created with Guidance Explorer. Choose one category from the security frame, Authentication for example, and inspect the code manually. Ignore everything else you pass on the way; look only for Authentication issues. One category at a time.

Bookmark security bugs. When you find a security bug, press Ctrl+K, Ctrl+K to toggle a bookmark on the current line. Drag the new bookmark into the matching category folder in the Bookmarks window. Move on. When you have finished the inspection with your checklist you should have something like this:


Copy to the report in one run. Walk through the bookmarks folder by folder and paste each finding, with its file and line, into your final report. One run. Mechanical work. Done. Peace of mind. One caveat: bookmarks live in the solution's per-user options (.suo) file, not in the source, so they are not versioned with the code and are lost if that file is discarded; finish the copy before you clean up.
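The last step is the part worth automating. Visual Studio does not export bookmarks in a documented text format, so the script below, an added example that is not part of the original post, assumes the reviewer transcribes each bookmark as one line of `Category | path | line | note` (a format chosen here for illustration). It groups the findings in the reviewer's folder order, pulls the bookmarked line with one line of context from the source, keeps findings whose folder was not listed rather than dropping them, and notes when a file is missing. The folder names, file names and code lines are constructed sample data.

```python
"""Render transcribed security-review bookmarks as a report grouped by
security-frame category.

Assumed input format (one bookmark per line; not a Visual Studio export):
    Category | relative/path.cs | line | short finding note
"""
from collections import OrderedDict
from typing import Callable, Dict, List, NamedTuple, Optional, Sequence, Tuple


class Finding(NamedTuple):
    category: str
    path: str
    line: int
    note: str


def parse_bookmarks(text: str) -> List[Finding]:
    """Parse the transcribed bookmark list; blank lines and '#' comments are skipped."""
    findings = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        parts = [p.strip() for p in raw.split("|", 3)]
        if len(parts) != 4:
            raise ValueError(f"malformed bookmark line: {raw!r}")
        category, path, line, note = parts
        findings.append(Finding(category, path, int(line), note))
    return findings


def group_by_category(findings: Sequence[Finding], order: Sequence[str]) -> "OrderedDict[str, List[Finding]]":
    """Group findings by folder in the reviewer's folder order. Folders that
    were not listed in `order` are appended at the end so nothing is lost."""
    groups: "OrderedDict[str, List[Finding]]" = OrderedDict((c, []) for c in order)
    for f in findings:
        groups.setdefault(f.category, []).append(f)
    for items in groups.values():
        items.sort(key=lambda f: (f.path, f.line))
    return groups


def snippet(source_lines: Sequence[str], line: int, context: int = 1) -> List[Tuple[int, str]]:
    """Return (1-based line number, text) for the bookmarked line and `context` lines either side."""
    lo = max(1, line - context)
    hi = min(len(source_lines), line + context)
    return [(n, source_lines[n - 1]) for n in range(lo, hi + 1)]


def render_report(findings: Sequence[Finding], order: Sequence[str],
                  load_source: Callable[[str], Optional[Sequence[str]]]) -> str:
    """Build the plain-text report; `load_source` returns a file's lines or None if missing."""
    groups = group_by_category(findings, order)
    out = [f"Security code review findings ({len(findings)})"]
    for category, items in groups.items():
        out.append("")
        out.append(f"== {category} ({len(items)}) ==")
        if not items:
            out.append("(none)")
            continue
        for f in items:
            out.append(f"- {f.path}:{f.line}  {f.note}")
            src = load_source(f.path)
            if src is None:
                out.append("    (source not available)")
                continue
            for n, text in snippet(src, f.line):
                marker = ">" if n == f.line else " "
                out.append(f"  {marker} {n:4d}: {text}")
    return "\n".join(out)


# Constructed sample data: folder names, files and code are illustrative only.
FOLDER_ORDER = ["Input Validation", "Authentication", "Authorization", "Cryptography"]

SAMPLE_BOOKMARKS = """
# Category | path | line | note
Authentication | Account/Login.aspx.cs | 3 | Password compared in plaintext with ==
Input Validation | Search.aspx.cs | 2 | Query string concatenated into SQL
Cryptography | Util/Crypto.cs | 12 | MD5 used for password hashing
"""

SAMPLE_SOURCES: Dict[str, List[str]] = {
    "Account/Login.aspx.cs": [
        "bool ok = false;",
        "var user = repo.Find(name);",
        "if (user.Password == password)",
        "    ok = true;",
        "return ok;",
    ],
    "Search.aspx.cs": [
        'string q = Request.QueryString["q"];',
        "string sql = \"SELECT * FROM Items WHERE Name LIKE '%\" + q + \"%'\";",
        "var rows = db.Execute(sql);",
    ],
    # Util/Crypto.cs deliberately absent to show the missing-file path.
}


def build_sample_report() -> str:
    """Run the whole pipeline over the constructed sample."""
    findings = parse_bookmarks(SAMPLE_BOOKMARKS)
    return render_report(findings, FOLDER_ORDER, SAMPLE_SOURCES.get)


if __name__ == "__main__":
    print(build_sample_report())
```

In real use replace `SAMPLE_SOURCES.get` with a loader that reads the file from the solution directory and returns `None` when it does not exist; the category order is simply the list of folder names you created in the Bookmarks window.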

Comments

  • Anonymous
    February 15, 2008
    Very useful! I have started to use this method.
  • Anonymous
    February 15, 2008
    Varun, great to hear you found it useful!
  • Anonymous
    March 17, 2008
    Want to quickly check your ASP.NET Web application for Cross Site Scripting (XSS) vulnerability ? It