Translate This Page
Translate this page
ForeFront Identity Manager
Host Security Assessment
Information Security Tools
Lean Software Development
Browse by Tags
Tagged Content List
How To: Use CAT.NET 2.0 Beta
Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET. You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0 * You must have Visual studio 2010...
5 Feb 2010
The CAT.NET 2.0 Configuration Analysis Engine
Maqbool Malik here… One of the most significant update to CAT.NET in v2.0 is the addition of a configuration engine. The goal of the engine is to identify insecure configuration at all layers of the application (configuration files, code level configuration, etc.) which should be remediated prior to...
1 Dec 2009
How to Configure WPL v1.0 SRE
RV here... With the release of Web Protection Library v1.0 (WPL) Security Runtime Engine (SRE) has been significantly updated. It now includes a SQL Injection Detection module which can detect certain attack vectors. It also include re-designed configuration editor which enables you to easily configure...
17 Nov 2009
Web Protection Library – CTP Release Coming Soon
RV here... Over the last couple of months we have been actively developing the next version of Anti-XSS library and Security Runtime Engine (SRE). We have added new mitigations that go way beyond the original Cross Site Scripting (XSS) protections of the Anti-XSS Library hence the change in name to the...
17 Oct 2009
Anti-XSS Library v3.1 Released!
The Microsoft Information Security Tools (IST) team has released the latest Microsoft Anti-Cross Site Scripting (Anti-XSS) Library version 3.1 . Read more about Anti-XSS v3.1 on the Information Security blog and watch the video, “ Anti-XSS 3.0 Released ,” as Vineet Batta and Anil Revuru (RV), Senior...
17 Sep 2009
HTML Sanitization in Anti-XSS Library
RV here... For a while now, I have been talking about various types of encodings and how they protect web applications from cross site scripting attacks. In most cases input is simply passed through AntiXss.HtmlEncode or similar methods to transform it into safely displayable HTML entities. In some cases...
31 Aug 2009
Encoding Cascading Style Sheet Strings
RV here... Cascading Style Sheets provide developers ways to change the UI theme of a website and this provides many opportunities for malicious users to change the UI if the application uses dynamic data inside style tags or in HTML style attributes. Additionally keywords like expression can be used...
21 Aug 2009
LDAP Injection and Mitigation
RV here... The Lightweight Directory Access Protocol (LDAP) API provides a mechanism for connecting to, searching, and modifying internet directories. A LDAP (Lightweight Directory Access Protocol) injection attack exploits vulnerabilities in input validation to run arbitrary LDAP statements against...
10 Aug 2009
In Seattle and Want To Chat to the WPL (Anti-XSS) Developer?
RV is doing a talk at the local OWASP Chapter. Details below. http://www.owasp.org/index.php/Seattle#Next_Event_11_August_.28Tuesday.29
29 Jul 2009
Anti-XSS Library 3.0 RTM
RV here… Anti-XSS library 3.0 is now RTM!!! MSDN download center is updated with the new binaries. Here is a overview of the changes in 3.0 release. New features in this version of the Microsoft Anti-Cross Site Scripting Library include: An expanded white list that supports more languages Performance...
15 Jul 2009
Web Protection Library (WPL) – A Brief Introduction
RV here… I wanted to share with you some tidbits on our new project called Web Protection Library (WPL) which contains libraries to protect web applications from common vulnerabilities and attacks. Our goal is to offer comprehensive web application protection with minimal configuration. With the release...
9 Jul 2009
Differences Between AntiXss.HtmlEncode and HttpUtility.HtmlEncode Methods
Syed Aslam Basha here. I am a tester on the Information Security Tools team and responsible for testing Microsoft Anti-XSS V3.0. The difference lies in implementation and performance you could get. The following are the differences between Microsoft.Security.Application.AntiXss.HtmlEncode and System...
9 Jul 2009
What’s Coming from the Information Security Tools Team
Mark Curphey here (Follow me using @curphey on Twitter ). June is a busy time of year around MSFT. For most teams you have a pretty good idea about your budget for the next year (July – July) and the end of year performance review cycle kicks in. You spend most of your time in retrospective of the last...
4 Jun 2009
Page 1 of 1 (13 items)
© 2014 Microsoft Corporation.
Privacy & Cookies