Application Security Audit of an .NET Web Application?

Question

Anyone have suggestions for security auditing of an .NET Web Application?

I\'m interested in all options. I\'d like to be able to have something agnostically probe my a

Answer 1

Best Thing to do:

• Hiring a security guy for source code analysis
• Second best thing to do hiring a security guy / pentesting company for black-box analysis

Following tools will help :

• Static Analysis Tools Fortify / Ounce Labs - Code Review
• Consider solutions such as HP WebInspects's secure object (VS.NET addon)
• Buying a blackbox application scanner such as Netsparker, Appscan, WebInspect, Hailstorm, Acunetix or free version of Netsparker

Hiring some security specialist is so much better idea (will cost more though) because they won't only find injection and technical issues where an automated tool might find, they will also find all logical issues as well.