McAfee, Inc. today announced that its security services group, Foundstone Professional Services, has released the S3i (Strategic Secure Software Initiative) .NET security toolkit, specifically designed to help application developers and architects build secure and reliable applications. The new toolkit, comprising the Validator.NET, .NETMon and SecureUML template tools, helps developers validate, debug and analyze vulnerabilities during the design and development of web applications.
The tools are aimed at more experienced web developers building e-commerce sites.
The need to build secure software has become a high priority for organizations of all sizes today, in order to ensure that hackers cannot gain access to software and applications that make up an organization's IT infrastructure. Building secure software requires careful design and development as well as a fundamental understanding of the security mechanisms and techniques available. The new tools are key components of a developer's security toolkit to help improve specific aspects of design and eliminate specific vulnerabilities in development.
Validator.NET enables developers to programmatically determine user input locations that could be potentially exploited by hackers and provides proactive steps to build data validation routines which are loaded into a protection module. The tool helps eliminate common vulnerabilities such as SQL Injection and Cross-Site Scripting.
"The Foundstone Validator.NET tool is an important resource for malicious input testing for ASP.NET Web applications," said Michael Howard, senior security program manager at Microsoft Corp., and co-author of Writing Secure Code.
The .NETMon tool monitors the .NET common language runtime, enabling a developer to conduct detailed analysis of how the .NET framework enforces security controls, including setting custom profiling filters and logging specific events. The SecureUML Visio template defines a custom Unified Modeling Language (UML) dialect to help system architects build role-based access control (RBAC) systems.
"Building secure applications is the next wave in the security landscape. Organizations are vastly improved in protecting their corporate networks from attack, but are still very much at risk due to software flaws," said Mark Curphey, senior director of consulting for Foundstone Professional Services at McAfee, Inc. "McAfee's Foundstone Professional Services is dedicated to working directly with software architects and developers to ensure that they have the necessary tools to design and build secure software. Leveraging the suite of development tools available from Foundstone Professional Services today helps organizations improve the security quality of their software and reduce their business risk."
Validator.NET, .NETMon and SecureUML together create the S3i .NET security toolkit and are three of many tools available from the Foundstone Professional Services group to help design, develop, deploy and maintain reliable and secure software. In addition to the toolkit offerings, Foundstone Professional Services is also offering a new four-day intensive training course, entitled "Writing Secure Code ASP.NET", designed to help application developers understand the key security features of the .NET platform, the common web security pitfalls developers make and how to build secure and reliable web applications.
For more information and a complete course description, visit: http://www.foundstone.com/.