December, 2009

  • Security Tools

    What’s happening with CAT.NET 2.0?

    • 0 Comments
    RV here... Our pre alpha release included a command line tool showcasing newer version of CAT.NET based on tainted data flow analysis engine using Phoenix compiler infrastructure. It also included a configuration analysis engine which was capable of identifying...
  • Security Tools

    How To: Use CAT.NET V2.0 CTP

    • 0 Comments
    Syed Aslam Basha here. I am a tester on the Information Security Tools team responsible for testing CAT.NET v2.0. As the installer name suggests CATNETV20CMD, CAT.NET V2.0 CTP is command line version only. CAT.NET v2.0 CTP analyses assemblies for vulnerabilities...
  • Security Tools

    How To: Turn off Strong Name Validation

    • 0 Comments
    Syed Aslam Basha here. I am a tester on the Information Security Tools team. In one of my  testing projects I faced the issue of “strong name validation failed” for an assembly and had to figure out a way to turn off strong name validation so that...
  • Security Tools

    WCF Security – Impersonation

    • 0 Comments
    Hi, Gaurav Sharma here, I’m a developer with the Information Security Tools (IST) team. In today’s post I’ll concentrate on the topic of Impersonation in WCF.  Impersonation By definition , Impersonation is the act of assuming a different identity...
  • Security Tools

    The CAT.NET 2.0 Configuration Analysis Engine

    • 0 Comments
    Maqbool Malik here… One of the most significant update to CAT.NET in v2.0 is the addition of a configuration engine. The goal of the engine is to identify insecure configuration at all layers of the application (configuration files, code level configuration...
Page 1 of 1 (5 items)