I'm looking for an alternative tool to CAT.NET for performing static security scans on .NET code. Currently the CAT.NET tooling/development is at a somewhat fragile stage and doesn't offer the reliability that I'm looking for. Are there any alternative static code analyzers that you use for detecting security issues? ...
Hi. I'm analyzing my code (C#, desktop application) with CAT.NET Code Analysis and getting "Sanitize the file path prior to passing it to file system routines" message when dealing with file names. What I don't understand is that to ensure the file name is valid, I use: void SomeMethod(String filename) { filename = System.IO.Path.Ge...
I’m trying to find Microsoft CAT.NET for VS2010 and it looks like there was a beta of their 2.0 version but every link to it in Microsoft Connect is now dead. This is the most recent reference I could find: http://blogs.msdn.com/securitytools/archive/2010/02/05/how-to-use-cat-net-2-0-beta.aspx Some references suggest it may have been ro...