RV here... With the release of Web Protection Library v1.0 (WPL) Security Runtime Engine (SRE) has been significantly updated. It now includes a SQL Injection Detection module which can detect certain attack vectors. It also include re-designed configuration...

RV here... With the new build of CAT.NET available on connect.microsoft.com you must have noticed that the new version includes only a command line tool. We we will be releasing the Visual Studio rules as part of Beta1 release. So lets look at how we...

If you want to come hear Anil Chintala (one of the developers on Anti-XSS) speak about the new WPL you can catch him at the OWASP / SecurityBytes conference in New Delhi later this week. http://www.securitybyte.org/   It’s being opened by the former...

Curphey here…..(follow me on Twitter @curphey if you want the breaking news!) My wife keeps telling me I work too much. Maybe I do, maybe I don’t but if I do I am not alone. Some folks on my team have been doing some super-human stuff and we are ready...

Hi, Syam Pinnaka here. I am a Sr. SDE on the Information Security Tools Team. In one of the recent projects there is a requirement to build an audit trail of “Group” object related activities in Forefront Identity Manager 2010 (FIM 2010). FIM provides...

RV here... Last year we developed an internal tool to review servers for security configuration issues. Microsoft offers several enterprise options for doing this such as Systems Center Configuration Manager but the requirements were for a lightweight...

Syed Aslam Basha here. I am a tester on the Information Security Tools team. Apart from performance testing for web sites, I have done load testing on web services for many of our projects. I will show how to create a web test for web service using Visual...

Syed Aslam Basha here. I am a tester on the Information Security Tools team. This blog post is in continuation with How To: Identify Memory Leaks In An Unmanaged Application blog post. I will show how to setup perfmon to collect data for the selected...

Hello, Randy Evans here.  I am a principal developer on the Information Security Tools Team.  In a recent project, we had a intranet web site that called an IIS hosted WCF service.  The WCF service, in turn, called a SQL Server Reporting...