Hi everyone, Diane here.  Recently the Information Security Tools (IST) Team released the Assessment & Protection (A&P) Suite. If you missed the overview on the A&P suite, check out the Information Security blog.  The Web Protection Library v1.0 (WPL) Security Runtime Engine (SRE) has been significantly updated.  Anil Revuru (RV) from the IST team discusses these updates in his recent blog and also provides a walkthrough on how to configure WPL SRE.  The WPL (formerly Anti-XSS Library) has also been expanded and includes new mitigation for attacks such as SQL injection, cross-site request forgery (CSRF), setting enforcement like SSL & HTTP_ONLY cookies and more.  RV discusses these attacks in more detail in his recent video “Using the Web Protection Library (WPL) - CTP Version.” 

In addition, for the assessment tools of the A&P suite which includes the Code Analysis Tool for .NET (CAT.NET) and Web Application Configuration Analyzer (WACA), RV talks about how to install and configure  CAT.NET v2.0 in his blog “How to Run CAT.NET 2.0 CTP”.  To configure the WACA tool RV provides guidance how to setup this tool in his video “Using Web Application Configuration Analyzer (WACA) - CTP Version”.

The CTP (Community Technology Preview) is available in Microsoft Connect – Information Security Tools.  Read CTP announcement and follow the Information Security Tools team blog.

-Diane Talvo
Security Awareness Program Manager
Microsoft Information Security