Developer Product Briefs

DevPartner Studio 9.0 and Postbuild 2008

Reviews of new products for developers.

• By Editors Visual Studio Magazine
• 12/01/2008

DevPartner Studio 9.0 scans Microsoft ASP.NET application source code to find security problems and coding errors before they become deeply embedded in the code base. The security-scanning feature checks each line of ASP.NET code for more than 200 security vulnerabilities and suspicious behaviors, such as incorrect use of cryptography APIs, insecure use of .NET code attributes and permissions, and insecure use of COM and P/Invoke. Error-detection scanning catches problems with unsupportable code, runtime errors, or mishandled exceptions in Visual Studio .NET, Visual C++, and Visual Basic code.

DevPartner Studio 9.0 offers integrated reporting, producing code-quality reports that managers and team leads can review easily using a Web browser. Customizable reports are provided for a range of reporting needs, including code quality, code review, error detection, performance, code coverage, and more.

DevPartner Studio 9.0 also supports 32-bit application development on Microsoft Windows x64 platforms, as well as a number of new .NET Framework technologies, including: Visual Studio 2008 and Visual Studio Team System 2008, Windows Server 2008, .NET Framework 3.5, Windows Presentation Foundation (WPF), LINQ, and ASP.NET AJAX Extensions. It also supports legacy applications built with Visual Studio 6.0, Visual Basic 6.0, Visual C++ 6.0, Visual Studio .NET 2003, and .NET Framework 1.1.

DevPartner Studio 9.0
Compuware Corp.
Price: Contact vendor for pricing
Web: www.compuware.com
Phone: 800-521-9353

[Click on image for larger view.]

Postbuild 2008
Xenocode has announced that it is shipping Postbuild 2008 for .NET, a code obfuscation and deployment solution for Windows developers. Xenocode Postbuild allows software developers to deploy .NET apps in a single, secure executable that runs on any Windows system, with or without .NET Framework. The 2008 edition of Postbuild includes support for the latest .NET platforms and technologies, including Visual Studio 2008, .NET 3.0 and 3.5, WPF, and LINQ.

Postbuild allows developers to convert .NET binaries into native executables that run with or without an installed .NET Framework, or with a mismatched version of the framework. The system packages all application dependencies -- including components, DLLs, runtimes, and services -- into a single executable. File-system data, registry keys, and Windows services can be directly embedded within the executable and virtual machine resources are visible to the executing application without any modifications to the host device. Virtualization also allows applications to emulate the behavior of privileged applications under non-privileged user accounts.

Postbuild obfuscation techniques include the renaming of symbolic metadata -- such as class, variable, and method names -- into meaningless characters; manipulation of program control flow within the IL bytecode, editing branch instructions generated by compilers, inserting decoy branches, and re-ordering instruction sequences; applying counter-analysis techniques to executables to prevent popular decompilers from processing the binaries; and watermarking that allows per-instance customization information to be embedded into the visible text and internal binary structures within the assembly.

Postbuild also includes integrated code-optimization capabilities, including metadata reduction, transparent compression, and dead-code pruning, as well as dead and duplicate literal elimination.

Postbuild 2008
Xenocode
Price: $1,599 (five-developer license); $1,999 (Developer Suite; includes Xenocode Fox and Xenocode Postbuild)
Web: www.xenocode.com
Phone: 877-223-3551; 1-206-774-8769 (outside the United States)