
News

  • This blog is provided "AS IS" with no warranties, and confers no rights. Opinions are not necessarily of Microsoft. You can contact the Application Consulting & Engineering Team (ACE Team) by leaving comments, clicking on Contact or Emailing us.

Browse by Tags

All Tags » Security Tools   (RSS)
XSSDetect FAQ
Hi! This is Hassan Khan. As promised, here are the FAQs on XSSDetect: Q. What is XSSDetect? A. XSSDetect is a stripped-down version of the Code Analysis Tool for .NET used by the ACE team to help find security vulnerabilities in software applications. It has Read More...
XSSDETECT: Analyzing Large Applications
XSSDetect is a static binary analysis tool. In the first step of analysis it reads target binaries to create a directed graph where nodes represent statements while the edges represent flow of data. This graph can get huge for large applications and users Read More...
Update: Some details on how XSSDetect does dataflow analysis
Just a brief update: Hassan Khan, one of the lead developers of XSSDetect and part of our ACE Engineering team, has posted up some technical details on how XSSDetect uses data flow analysis to do its magic. You can read more about it here. Feel free to Read More...
XSSDetect Public Beta now Available!
One of the biggest, constant problems we've seen our enterprise customers deal with and we here at Microsoft have to also contend with is that of the XSS (Cross Site Scripting) bug. It's very common and unfortunately, still an issue we have to deal with Read More...
ACE's interview with Scoble on Channel 9 - part II & III now up
Hey Folks, part II and III of the Channel 9 interviews are up! You can check out part II here and part III here. Ahmad Mahdi Security Technologist Microsoft – ACE Team ahmad.mahdi Read More...
What would you like the ACE team to discuss on Channel 9?
The ACE Team is going to be doing a Channel 9 video with Robert Scoble! (Thanks Robert! :) We’ll get a chance to discuss what we do and how we do it. We’ll also be spending time talking about our threat modeling process and tool (more info as always on Read More...
Crypto Key Generation & Management
Ever wondered how strong your crypto keys are and whether they are secure against the ever growing threat of being compromised? The threat continues to grow daily in a world where hackers are mounting more sophisticated and complex attacks against a constantly Read More...
What’s the difference between IOSEC and the Microsoft Anti-Cross Site Scripting Library?
Some users who have been using IOSEC, our internal library for defending against cross-site scripting (XSS) attacks, may be wondering what’s the difference between that library and the Microsoft Anti-Cross Site Scripting Library V1.0 at http://www.microsoft.com/downloads/details.aspx?FamilyID=9A2B9C92-7AD9-496C-9A89-AF08DE2E5982&displaylang=en Read More...
ACE Team Tools and Libraries Part I - IOSEC
Update [3/16/06, 4:56PM] There has been some confusion between what IOSEC does and what the Microsoft Anti-Cross Site Scripting Library does (linked to below). The Anti-XSS library currently has a subset of the functionality of IOSEC. Over the coming Read More...
Threat Analysis & Modeling Launch
Over the past several years, the ACE Team has developed and matured a threat modeling methodology for the implementation of software. We've recently started a separate blog for threat modeling & I'd like to invite you to check it out and keep watching Read More...