Code the way you usually do, and the integrated Puma security rules will silently search for security vulnerabilities and alert you when they find one. Depending on the source of the vulnerability, Visual Studio will display potential security-specific diagnostics in two different locations.
Code Analysis Warnings
Code file rules run on code files (.cs or .vb) as syntax nodes, syntax trees, symbols, code blocks, or semantic models are parsed by the Roslyn compiler. Identified vulnerabilities are tagged in the source code location by Visual Studio with spell-check-style squiggles, as shown below:
Error List Warnings
The Visual Studio Error List displays diagnostic warnings raised by the Roslyn rules described above, as well as additional issues identified in non-code files (e.g. .config, .cshtml, .aspx, .js, etc.). The following example shows an additional vulnerability identified in a configuration file:
Puma Scan Presentation
Want to see the Puma go hunting for vulnerabilities? Watch Puma Scan's project lead, Eric Johnson, discuss and demonstrate Puma Scan at OWASP AppSecUSA 2016: Continuous Integration: Live Static Analysis with Visual Studio and the Roslyn API.
DOWNLOAD THE VISUAL STUDIO PUMA SCAN EXTENSION TODAY!