Browse by Tags

Tagged Content List
  • Blog Post: This Blog URL Has Changed – Please Update Your Readers

    Things have been quite on the blog for while. There is a LOT of code being cranked out at the moment as we work towards some deadlines in the summer on various projects. Our team name has also changed from the Connected Information Security Group (CISG) to the Microsoft IT Information Security Tools...
  • Blog Post: CAT.NET New Build – 1.1.1.8

    Mainly small bug fixes and a new feature to export the findings into an Excel spreadsheet. Download link is - http://www.microsoft.com/downloads/details.aspx?FamilyId=0178e2ef-9da8-445e-9348-c93f24cc9f9d&displaylang=en   We recommend all users to upgrade to this version. We have some work now...
  • Blog Post: Getting Help for CAT.NET and Anti-XSS

    We now have a discussion forum for users of CAT.NET. There is no official support for these tools but you can ask questions and we will try to help wherever we can! CAT.NET - http://social.msdn.microsoft.com/Forums/en-US/catnet/threads/ Anti-XSS - http://www.codeplex.com/AntiXSS/Thread/List.aspx
  • Blog Post: MSDN Webcast: Software Security with Static Code Analysis Using CAT.NET (Level 200)

    Event Overview In this webcast, we provide an overview of what static code analysis is and typical coding errors that static analysis can and cannot detect. We also look at the recently released CAT.NET tool and how it helps with the detection of security flaws. Presenter: Andreas Fuchsberger, Senior...
  • Blog Post: Current Memory Limitations of CAT.NET

    Hi, Andreas Fuchsberger here..... It is important to understand what happens CAT.NET builds its Call Flow Super Graphs. We use a CCI object called CciControlGraph to build a Control Flow Graph for each method and each method call we find in the Common Intermediate Language (CIL) of the modules being...
  • Blog Post: Free MSDN Webcast: Managing Cross-Site Scripting Using CAT.NET and AntiXSS (Level 200)

    Language(s): English. Product(s): Security. Audience(s): Developer. Duration: 60 Minutes Start Date: Friday, January 09, 2009 12:00 PM Pacific Time (US & Canada) Register Here
  • Blog Post: Merlin: Better Specifications for CAT.NET

    Guest post by Ben Livshits of Microsoft Research here.... In the last several years we have seen a proliferation of static (and sometimes runtime) analysis tools for finding web application vulnerabilities. Companies such as Fortify, Ouncelabs, Klockwork, and others have been selling tools for finding...
  • Blog Post: Security Code Review Using CAT.NET - Part 2

    Hi Andreas Fuchsberger here again...... How does CAT.NET work? As I mentioned in Part 1 here , CAT.NET is an information-flow type static analysis tool using an implementation of tainted-variable analysis. Tainted-variable analysis is an integrity problem in which that tries to identify whether less...
  • Blog Post: Security Code Review Using CAT.NET - Part 1

    Hi Andreas Fuchsberger here … To coincide with the CTP release of CAT.NET and Anti-XSS , within the CSIG we have been taking a long hard look at static analysis tools for developers and Information Security professionals. Over the next series of blog posts I will explain the fundamentals of the...
  • Blog Post: CAT.NET CTP Links Are Live Again!

    Download CAT.NET CTP ( 32 bit here and 64 bit here ) Anti-XSS was not affected but for completeness Download Anti-XSS 3.0 Beta ( here and source code here ) Our sincere apologies.
  • Blog Post: CAT.NET Status Update

    12 pm PST 17th, December. We continue to face issues with the download links. We are doing everything we can to resolve this and expect it to be resolved within a few hours. We will update this blog with any further news. Our sincere apologies.
  • Blog Post: Download Problem for CAT.NET - Status Update

    We are continuing to experience problems with the 32 bit download link for CAT.NET. We now estimate a fix by mid-day PST tomorrow (17th December). The 64 bit download link is active again here . I will post here as soon as it is resolved. Our continued apologies.
  • Blog Post: Download Problem for CAT.NET - Status Update

    We are continuing to experience problem with the links to download CAT.NET. We estimate a fix by 5pm today (16th December). I will post here as soon as it is resolved. Our continued apologies.
Page 1 of 1 (13 items)