Last year we developed an internal tool to review servers for security configuration issues. Microsoft offers several enterprise options for doing this such as Systems Center Configuration Manager but the requirements were for a lightweight stand-alone tool focused towards developers and testers who often developed in an unmanaged environment. The tools needed to help developers configure their local environments with security best practices and specifically target;
It will help developers to develop applications in secure de3velopment environments and ensure that their application works seamlessly in a similar secure production environment.
Quick summary of features included in WACA CTP.
Here is a screenshot of the landing screen for the tool.
This tool compliments the CAT.NET tool which performs static analysis of .NET code and infact both tools use the same configuration signature format for their configuration checks meaning you can now scan the code and check the configuration seamlessly. We are working on releasing a CTP next week which will be available on http://connect.microsoft.com (search for Information Security Tools and register).