The Information Security Tools (IST) team has released the InfoSec Assessment & Protection (A&P) Suite. The suite is made up of a technology stack of protection and assessment tools.  Anil Revuru (RV) and Mark Curphey in their recent podcast, “Assessment and Protection Suite” introduce what’s in store for the future for the A&P Suite.

The A&P Suite includes:

Protection Tools:

  • Web Protection Library (WPL) will act as an umbrella for several libraries and runtime modules which include:
      • Anti-XSS - The Microsoft Anti-Cross Site Scripting Library v3.1 (Anti-XSS V3.1) is an encoding library designed to help developers protect their ASP.NET web-based applications from XSS attacks.
      • SRE – Packaged together with Anti-XSS when downloaded. Helps prevent XSS and SQL injection attacks, but instead of having to make changes to the code (which is manual and costly), a user makes changes to the application configuration and not the code (white list/black list).

You can get more details on WPL as Anil Revuru (RV) in his video, “Enhanced Web Protection Library” discusses the expansion of what used to be the Anti-XSS Library. 

Assessment Tools:

  • Code Analysis Tool for .NET (CAT.NET) is a managed code security source code scanning tool. This has been totally rewritten.
  • Web Application Configuration Analyzer (WACA) designed to scan your development environment against best practices for .NET security configuration, IIS settings, SQL Server Security best practices and some Windows permission settings.

A&P Suite overview:

A&P

To download these tools for free, you will need to register on the Connect site. Once you’ve registered, you can download the tools below directly. Get the latest on the A&P Suite on the IST Blog.

Download, A&P Suite will include:

CAT.NET 2.0 CTP

WPL 1.0 CTP

WACA 1.0 CTP

 

-Todd