Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
Does anyone have any recommendations for good vulnerability testing software for c# window forms (not .net) applications.
Preferably one that can also test with a mysql server or sql server connection.
There is no tool that is going to match a good code reviewer or penetration tester. But a few tips to get you aimed in the right direction:
Static analysis tools like HP Fortify, IBM AppScan, and CheckMarx do a wonderful job at finding security issues with code. But you really need an experienced code reviewer to get the most out of them. Also, they are not cheap! These tools operate by scanning code, and the main requirement is to provide to the tool everything you need to build your software (at least this is the case for Fortify and AppScan, not sure if the same requirement holds for CheckMarx).
IAST tools such as Contrast are also not cheap. However at least in the case of Contrast, they are specifically trying to make it more developer-friendly. IAST tools work by hooking into your binary in your test environment and looking under the hood for bad things that happen.
Dynamic analysis tools such as OWASP ZAP (free) and Burp (not free, but affordable) can run automated scans in your environment, but if you lack experience with these, then your value is limited. These tools work by scanning in a test environment and sending malicious payloads to see how the server responds. A lot of effort is being put to make ZAP work in continuous integration build environments.
All of these should work for the technologies that you are using.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
Improve this question
we have a legacy Windows app written in C++ using the MFC framework. I want to now add capability to communicate with a database at a centralized server. There are ODBC Connection libraries for many of the popular databases which allow me to do exactly what I want (with MySQL for example). But upon further reading, the GPL or LGPL licensing for both the database but more importantly the connection library gets too complicated given my limited legal resources.
Opening up my source code is not an option for me as I am a small operation selling closed source software for profit. My preference is to choose a database with an available connection library with flexible licensing. I don't care if it is free or paid but I'd like it to be something relatively popular with tools, support, some user community, etc.
MySQL seemed simple and widely used but the licensing is a problem for me. The licensing for the PostgreSQL database itself seems much more flexible but the connection library I found is licensed under GPL. Are there perhaps paid options that I'm not aware of?
Should I be considering Microsoft SQL Server?
Can people please recommend any additional options to me?
LGPL is what you want. GPL is ambiguous about the status of other works (your code) which links to a GPL library (the ODBC drivers). LGPL purposely is explicit that using a LGPL library does not put your work under LGPL.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
Hi I have been given a task to design tool to monitor database server health like cpu usage, memory usage etc. Now there is one such tool like MySQL Spotlight. I want to know is there any open source software available with same functionalities? I want software which has nice visualization with charts. Please guide. Thanks in advance.
You could use Cacti for this. Also look at Nagios.
Check out http://code.openark.org/forge/mycheckpoint. It is an open sourced monitoring tool, primarily for db monitoring, even including custom queries and custom alerts! Graphs come pre-packaged and pre-generated. It's written in python, so mods can added to the code easily. I've used it a bit, and it seems to work pretty well. The only caveat I see is the extensive schema that comes pre-packaged which, ostensibly, can't be customized. One thing I will note for the email alerts, if you're getting login or credential alerts, go to line 4338 of the code and just add what you need to the smtplib.SMTP instance.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
We have a commercial application created on CakePHP. I'm about to install it on a client's server, so we'd like to protect my code from being modyfied and/or copied and reselled, changing trial period terms, etc.
I want to know if obfuscating the Cake PHP code breaks Cake specific libraries, or make the application unusable.
I've been searching on this forum and over internet and found several options for obfuscating PHP code, but none related to CakePHP. (I just asked to some of the commercial tools providers if they support Cake obfuscating but haven't received an answer yet).
Does anybody know if this is possible or if there's a better approach to do that?
I'll try to use one of the trial versions of the commercial tools this weekend, but if someone has an advice about this would be great
My company, Semantic Designs, is one of the commercial vendors.
With a decent obfuscator (ahem :) you shouldn't have any trouble doing this. You need to tell the obfuscator somehow (with ours you just provide a list of symbol names) what identifiers have to be retained as cleartext (e.g., any calls to the CakePHP framework), and any public APIs your software may offer.
I'd recommend, you give it a shot and try it out.
Usually, an obfuscator should obfuscate frameworks, too. It should be independent of what kind of PHP Code you use.
Test it in a test environment. If it's successful, you can enroll it to your production environment.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
Before going into production, our client demands actual numbers of how many users our web application can handle.
We have all kinds of features implemented including asset management (file uploads/downloads), documents import/export, various statistics, web-services etc.
I guess we need tool which could emulate users form submission because documents import/export as far as I noticed is the slowest part of an app because of parsing and generation.
Which tool (or set of tools) could do this?
Application details:
XHTML/jQuery
Coldfusion 8
SQL Server 2008
Windows Server 2008
I like jMeter - free software and does the job quite well.
Few intro screencasts:
http://www.fosscasts.com/screencasts/3-Load-Testing-with-Apache-JMeter
http://vimeo.com/10164982
HPs Open Source HTTPerf I like. Just setup the URLS you want to test and let it rip. use a couple of machines to emulate load. You could even parse the output into a DB and do some number crunching.
Also, think about doing HTTPerf runs with profiling on the server side to see what lags and what doesnt. A nice touch is to let a user go on the app, and record all POST/GET requests and use them as a replay set for typical user interactions.
Also, if you are thinking about UX, use firebug or something to check JS imports are being done asynchronously instead of one-at-a-time. Have a ganders at Stackoverflow question 310583/loading-javascript-dependencies-on-demand
http://loadimpact.com/
WebLoad: Professional and open
source load testing from
CFMeetup
Visual Studio Ultimate edition has great load/stress testing tools, although the ultimate edition can be a bit expensive.
m using Full version of JBlitz Professional 5.0 ..
it's very good
There are few analytical performance tool out in market(not free) one i came through and works well is New Relic. If you are looking only to test the api then http://locust.io/ is good one and free too.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
We use a home-grown Registration System for our software but I'd like to update it fixing a number of things including adding the ability to remotely activate/deactivate it (to facilitate Saas).
Feel free to suggest any good (in your opinion) VB6- compatible option. I can check out whether it meets our other criteria below.
Required Features:
Activate multiple programs (Ok if it generates a separate code for each one)
Works with VB6 and VB.net. A VB6-compatible DLL should be fine.
Still supported (nice to have but not absolutely required
Compatible with Windows 2000 through 7.
Nice-to-have features (but not required)
* Work without internet access
* Works through a firewall (this may be a tough one)
Any suggestions?
Check out ActiveX control: http://www.aztechsoft.com/timelock.htm
A little old school, but you should be able to wrap it in a .NET container using Interop.
I found a list of Licensing systems. I'll go through each one to evaluate them:
http://software-licensing.qarchive.org/