Browse by Tags

Tagged Content List
  • Blog Post: XSSDetect FAQ

    Hi! This is Hassan Khan. As promissed, here the FAQs on XSSDetect: Q. What is XSSDetect? A. XSSDetect is stripped down version of the Code Analysis Tool for .NET used by the ACE team to help find security vulnerabilities in software applications. It has been made available for free on Microsoft downloads...
  • Blog Post: XSSDETECT: Analyzing Large Applications

    XSSDetect is a static binary analysis tool. In the first step of analysis it reads target binaries to create a directed graph where nodes represent statements while the edges represent flow of data. This graph can get huge for large applications and users can sometimes run into the “out of memory exception...
  • Blog Post: Update: Some details on how XSSDetect does dataflow analysis

    Just a brief update, Hassan Khan one of the lead developers of XSSDetect and part of our ACE Engineering team has posted up some technical details on how XSSDetect uses data flow analysis to do its magic. You can read more about it here . Feel free to leave additional questions and I'm sure he'll follow...
  • Blog Post: XSSDetect Public Beta now Available!

    One of the biggest, constant problems we've seen our enterprise customers deal with and we here at Microsoft have to also contend with is that of the XSS (Cross Site Scripting) bug. It's very common and unfortunately, still an issue we have to deal with in many web applications. Internally, the ACE Team...
  • Blog Post: ACE's interview with Scoble on Channel 9 - part II & III now up

    Hey Folks, part II and III of the Channel 9 interviews are up! You can check out part II here and part III here . Ahmad Mahdi Security Technologist Microsoft – ACE Team ahmad.mahdi
  • Blog Post: What would you like the ACE team to discuss on Channel 9?

    The ACE Team is going to be doing a Channel 9 video with Robert Scoble! (Thanks Robert! :) We’ll get a chance to discuss what we do and how we do it. We’ll also be spending time talking about our threat modeling process and tool (more info as always on our threat modeling blog ). But the real reason...
  • Blog Post: Crypto Key Generation & Management

    Ever wondered how strong your crypto keys are and whether they are secure against the ever growing threat of being compromised? The threat continues to grow daily in a world where hackers are mounting more sophisticated and complex attacks against a constantly increasing attack surface. The attacks vectors...
  • Blog Post: What’s the difference between IOSEC and the Microsoft Anti-Cross Site Scripting Library?

    Some users who have been using IOSEC, our internal library for defending against cross-site scripting (XSS) attacks, may be wondering what’s the difference between that library and the Microsoft Anti-Cross Site Scripting Library V1.0 at http://www.microsoft.com/downloads/details.aspx?FamilyID=9A2B9C92...
  • Blog Post: ACE Team Tools and Libraries Part I - IOSEC

    Update [3/16/06, 4:56PM] There has been some confusion between what IOSEC does and what the Microsoft Anti-Cross Site Scripting Library does (linked to below). The Anti-XSS library currently has a subset of the functionality of IOSEC. Over the coming weeks and months, we will be porting over additional...
  • Blog Post: Threat Analysis & Modeling Launch

    Over the past several years, the ACE Team has developed and matured a threat modeling methodology for the implementation of software. We've recently started a separate blog for threat modeling & I'd like to invite you to check it out and keep watching it for more details as we get ready to launch...
Page 1 of 1 (10 items)