• Security Tools

    Microsoft Security Bulletin MS12-007– Vulnerability in AntiXSS Library Could Allow Information Disclosure

    • 0 Comments
    Today sees the release of AntiXSS v4.2 in order to address MS12-007 . As AntiXSS is a developer tool developers need to download the latest version, test, then deploy the web sites using the library. nuget has also updated – if you’ve added AntiXSS via...
  • Security Tools

    CAT.NET and our fiscal year end

    • 0 Comments
    At this point in time we are accepting recommendations, suggestions and new features.  However, we do not have any planned updates for the remainder of the fiscal year.  We are going through our FY12 planning and CAT.NET is on the list of requests...
  • Security Tools

    CAT.NET Update – Long Overdue

    • 0 Comments
    Frank Brisse here… I wanted to provide an update to the CAT.NET project since it’s been a while since my last communication. Internally we have version 2.0 of CAT.NET running. Unfortunately, some of the features we relied on in Visual Studio’s code analysis...
  • Security Tools

    AntiXSS 4.0 Released

    • 0 Comments
    AntiXSS 4.0 has been released and is available from http://www.microsoft.com/downloads/en/details.aspx?FamilyID=f4cd231b-7e06-445b-bec7-343e5884e651 . The new source will be published to CodePlex within the next few days. Minimum Requirements .NET Framework...
  • Security Tools

    How to View a Report in WACA?

    • 0 Comments
    Web Application Configuration Analyzer v1.0 is the latest tool released by our team that scans a machine for deployment best practices. Here is how you can use this tool to view a scan report which provides resolution details for failed rules. 1. From...
  • Security Tools

    How to Scan a Server using WACA?

    • 0 Comments
    Web Application Configuration Analyzer v1.0 is the latest tool released by our team that scans a machine for deployment best practices. Here is how you can use this tool to scan a machine for these best practices. 1. Launch the application by going to...
  • Security Tools

    Web Application Configuration Analyzer v1.0 RTW is live!

    • 0 Comments
    I am excited to announce the release of Web Application Configuration Analyzer v1.0 tool. The following is the quick overview of the tool and its features. Web Application Configuration Analyzer (WACA) is a tool that scans a server against a set of best...
  • Security Tools

    CAT.NET v2.0 Update

    • 0 Comments
      Frank Brisse here… I wanted to provide an update on CAT.NET v2.0.  We were looking to release CAT.NET v2.0 in June but ran into a design issue at the last moment causing us to delay the release.  At this point we are working with internal...
  • Security Tools

    The May 2010 Security Runtime Engine Preview is now available on CodePlex

    • 0 Comments
    The WPL site on CodePlex now has the May CTP code only release for the Web Protection Library and a Word document introducing the new extensibility points for the Security Runtime Engine. We haven’t released binaries because it’s just a preview, it is...
  • Security Tools

    Farewell from Mark Curphey & Please Help Me Fight Blood Cancer

    • 0 Comments
    Mark Curphey here….. It is with some degree of sadness that I have to hang up my spurs from this blog. Next Monday I take up a new role on the Server & Tools Online team (think MSDN & codeplex.com) where I will be heading up the subscriptions...
  • Security Tools

    The Web Protection Library – plans and processes.

    • 0 Comments
    First off let me introduce myself; my name is Barry Dorrans, I’m a recent transplant from the UK and I finally joined the Information Security tools team 6 weeks ago after the long and involved process of visa acquisition. Before joining Microsoft I was...
  • Security Tools

    Silverlight 3.0 Datagrid - How to change a cell state?

    • 0 Comments
    Hi Syam Pinnaka, Sr. SDE in Infosec tools team. Silverlight 3.0 datagrid can be used to bind to any enumerable collection and display the data in the grid. The data changes in the grid can be propagated back to the bound data using a special type in silverlight...
  • Security Tools

    How To: Use CAT.NET 2.0 Beta

    • 0 Comments
    Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET. You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa...
  • Security Tools

    How To: Use CAT.NET V2.0 Beta

    • 0 Comments
    Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET. You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa...
  • Security Tools

    CAT.NET 2.0 - Beta

    • 0 Comments
    Mark Curphey here… Please to announce a beta of the upcoming CAT.NET 2.0. This beta program will last for approximately 1 month.  The final released version is scheduled to release shortly after VS 2010 RTM.   The goal of this beta program...
  • Security Tools

    How To: View The Header of an EXE/DLL

    • 0 Comments
    Syed Aslam Basha here. I am a tester on the Information Security Tools Team. At times we may want to know the target platform (i.e. x86 or x64) of an EXE/DLL. Visual studio provides a corflags.exe tool to identify the target platform. Launch visual Studio...
  • Security Tools

    Delay Between Actions Feature in CUIT

    • 0 Comments
    Syed Aslam Basha here. I am a tester on  the Information Security Tools Team. The CUIT code is executed at a very fast pace, at times you may want to execute the code a bit slow or with a delay between actions. We have playback API which helps to...
  • Security Tools

    How To: Data Drive CUIT Scripts

    • 0 Comments
    Syed Aslam Basha here. I am a tester on  the Information Security Tools Team. One of the major feature for any automation tool is support for data driven test cases, CUIT too supports data driven testing. Let me show an example of data driving CUIT...
  • Security Tools

    How To: Customize CUIT scripts

    • 0 Comments
    Syed Aslam Basha here. I am a tester on  the Information Security Tools Team. In the previous blog posts I have shown how to automate functional test cases using CUIT and adding check points/ assertions to CUITs. Lets see with an example “how to...
  • Security Tools

    How Do I: Configure Runtime Version

    • 0 Comments
    Syed Aslam Basha here. I am a tester on  the Information Security Tools Team. At times I need to test an application with different versions of the .NET framework. You can configure the application config file to force the application to use the...
  • Security Tools

    How To: Add Assertions in Coded UI Tests

    • 0 Comments
    Syed Aslam Basha here. I am a tester on  the Information Security Tools Team. As continuation to my previous post, I want to show how to add assertions to coded UI test scripts. An example maybe that after launching a portal site you want to validate...
  • Security Tools

    How To: Functional Testing Automation Using Visual Studio 2010

    • 0 Comments
    Syed Aslam Basha here. I am a tester on  the Information Security Tools Team. I want to share my first hand experience of automating functional test cases using coded UI Test, a feature in visual studio (VS) 2010 in my next coupple of blog posts...
  • Security Tools

    One Story At A Time

    • 0 Comments
    Hey everyone, this is Marius Grigoriu, PM leading the Risk Tracker and Security BI projects and portal and notifications components. One of the challenges we encountered on our path to Agility was that our testers were getting squeezed at the end of each...
  • Security Tools

    WCF Authorization with Custom Principal

    • 0 Comments
    Hi, I am Syam Pinnaka, Sr. SDE in InfoSec tools team. In AuthZ component of CISF, we have a requirement to perform authorization checks in a WCF service. Since CISF AuthZ module has a custom implementation of IPrincipal called as CISFPrincipal, Its looks...
  • Security Tools

    What’s happening with CAT.NET 2.0?

    • 0 Comments
    RV here... Our pre alpha release included a command line tool showcasing newer version of CAT.NET based on tainted data flow analysis engine using Phoenix compiler infrastructure. It also included a configuration analysis engine which was capable of identifying...
Page 1 of 5 (109 items) 12345