InfoSec recently released their Assessment & Protection (A&P) Suite. To get the details of this suite, you can check out my last blog.
Anil Revuru (RV) from the IST (Information Security Tools) team in his recent blog discusses how Web Protection Library v1.0 (WPL) Security Runtime Engine (SRE) has been significantly updated. RV walks you through how to configure WPL SRE. Also in his video “Using the Web Protection Library (WPL) - CTP Version” he talks about the expansion of the Anti-XSS Library and introduces mitigation for other attacks including: SQL injection, cross-site request forgery (CSRF) and setting enforcement like SSL & HTTP_ONLY cookies to name a few. Additionally apart of this A&P suite, RV discusses the assessment tools including the Code Analysis Tool for .NET (CAT.NET) and Web Application Configuration Analyzer (WACA). Check out his blog “How to Run CAT.NET 2.0 CTP” as he goes over the installation and configuration details of CAT.NET v2.0. You can also view his “Using Web Application Configuration Analyzer (WACA) - CTP Version” where shows how to configure the verification tool.
The CTP (Community Technology Preview) is available in Microsoft Connect – Information Security Tools.
Read CTP announcement and follow the IST Team blog for the latest on the A&P suite and other security tools.