Browse by Tags

Tagged Content List
  • Blog Post: Silverlight 3.0 Datagrid - How to change a cell state?

    Hi Syam Pinnaka, Sr. SDE in Infosec tools team. Silverlight 3.0 datagrid can be used to bind to any enumerable collection and display the data in the grid. The data changes in the grid can be propagated back to the bound data using a special type in silverlight called ObservableCollection. We will discuss...
  • Blog Post: How To: Use CAT.NET 2.0 Beta

    Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET. You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0 * You must have Visual studio 2010...
  • Blog Post: How To: Use CAT.NET V2.0 Beta

    Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET. You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0 * You must have Visual studio 2010...
  • Blog Post: CAT.NET 2.0 - Beta

    Mark Curphey here… Please to announce a beta of the upcoming CAT.NET 2.0. This beta program will last for approximately 1 month.  The final released version is scheduled to release shortly after VS 2010 RTM.   The goal of this beta program is to garner feedback from the user community...
  • Blog Post: Delay Between Actions Feature in CUIT

    Syed Aslam Basha here. I am a tester on  the Information Security Tools Team. The CUIT code is executed at a very fast pace, at times you may want to execute the code a bit slow or with a delay between actions. We have playback API which helps to achieve this as shown below; Playback .PlaybackSettings...
  • Blog Post: How To: Data Drive CUIT Scripts

    Syed Aslam Basha here. I am a tester on  the Information Security Tools Team. One of the major feature for any automation tool is support for data driven test cases, CUIT too supports data driven testing. Let me show an example of data driving CUIT scripts. Suppose you want to validate login feature...
  • Blog Post: How To: Customize CUIT scripts

    Syed Aslam Basha here. I am a tester on  the Information Security Tools Team. In the previous blog posts I have shown how to automate functional test cases using CUIT and adding check points/ assertions to CUITs. Lets see with an example “how to customize the CUIT scripts”. Lets take a close look...
  • Blog Post: How Do I: Configure Runtime Version

    Syed Aslam Basha here. I am a tester on  the Information Security Tools Team. At times I need to test an application with different versions of the .NET framework. You can configure the application config file to force the application to use the .NET version specified in the config file. For example...
  • Blog Post: How To: Functional Testing Automation Using Visual Studio 2010

    Syed Aslam Basha here. I am a tester on  the Information Security Tools Team. I want to share my first hand experience of automating functional test cases using coded UI Test, a feature in visual studio (VS) 2010 in my next coupple of blog posts. In this blog post I will show an example of recording...
  • Blog Post: How To: Use CAT.NET V2.0 CTP

    Syed Aslam Basha here. I am a tester on the Information Security Tools team responsible for testing CAT.NET v2.0. As the installer name suggests CATNETV20CMD, CAT.NET V2.0 CTP is command line version only. CAT.NET v2.0 CTP analyses assemblies for vulnerabilities and configuration files for misconfigurations...
  • Blog Post: The CAT.NET 2.0 Configuration Analysis Engine

    Maqbool Malik here… One of the most significant update to CAT.NET in v2.0 is the addition of a configuration engine. The goal of the engine is to identify insecure configuration at all layers of the application (configuration files, code level configuration, etc.) which should be remediated prior to...
  • Blog Post: How to Run CAT.NET 2.0 CTP

    RV here... With the new build of CAT.NET available on connect.microsoft.com you must have noticed that the new version includes only a command line tool. We we will be releasing the Visual Studio rules as part of Beta1 release. So lets look at how we can use the command line version to analyze binaries...
  • Blog Post: Web Application Configuration Analyzer – WACA CTP Release Coming Soon

    RV here... Last year we developed an internal tool to review servers for security configuration issues. Microsoft offers several enterprise options for doing this such as Systems Center Configuration Manager but the requirements were for a lightweight stand-alone tool focused towards developers and testers...
  • Blog Post: Double Hop Windows Authentication with IIS Hosted WCF Service

    Hello, Randy Evans here.  I am a principal developer on the Information Security Tools Team.  In a recent project, we had a intranet web site that called an IIS hosted WCF service.  The WCF service, in turn, called a SQL Server Reporting Services (SSRS) web service. We wanted to utilize...
  • Blog Post: How To: Use VSTS Code Profiler

    Syed Aslam Basha here. I am a tester on the Information Security Tools team. This blog post is in continuation with website performance testing simplified blog post. The final step in performance testing is to narrow down the faulty code which is taking lot of time or memory or CPU usage. I will show...
  • Blog Post: Web Protection Library – CTP Release Coming Soon

    RV here... Over the last couple of months we have been actively developing the next version of Anti-XSS library and Security Runtime Engine (SRE). We have added new mitigations that go way beyond the original Cross Site Scripting (XSS) protections of the Anti-XSS Library hence the change in name to the...
  • Blog Post: Dynamically Load Web Controls at Run Time

    Hi, Randy Evans here. I’m a principal developer on the Information Security Tools team. On one of our projects we had a requirement to dynamically load different web parts into a web page at run time. The challenge was that the specific web part needing to be loaded was determined by the user’s action...
  • Blog Post: Anti-XSS Library v3.1 Released!

    The Microsoft Information Security Tools (IST) team has released the latest Microsoft Anti-Cross Site Scripting (Anti-XSS) Library version 3.1 .  Read more about Anti-XSS v3.1 on the Information Security blog and watch the video, “ Anti-XSS 3.0 Released ,” as Vineet Batta and Anil Revuru (RV), Senior...
  • Blog Post: How To Publish an ASP.NET Website from a Command Line

    Syed Aslam Basha here. I am a tester on the Information Security Tools team. To test the tools which we develop on the team, at times I need to build a website and publish it. I use a simple way of publishing websites from the command line that saves me a LOT of time so thought I would share it. Launch...
  • Blog Post: HTML Sanitization in Anti-XSS Library

    RV here... For a while now, I have been talking about various types of encodings and how they protect web applications from cross site scripting attacks. In most cases input is simply passed through AntiXss.HtmlEncode or similar methods to transform it into safely displayable HTML entities. In some cases...
  • Blog Post: Sharing Master Pages in Multiple Projects

    Hi Anil Chintala here. I am working on a requirement for a Portal, which is to share the look and feel of the portal by multiple web applications seamlessly and without any rework. I started doing some prototyping work and writing up some scenarios we would like to consider for the requirement. For the...
  • Blog Post: Application Health Monitoring (in ASP.NET 2.0 and above)

    Vineet Batta here, A little known but excellent features of ASP.NET is it’s ability to give support teams the ability to monitor the health of ASP.NET applications. In this article I will dwell on out of box features. No custom classes or code to be written. All the configuration setting for enabling...
  • Blog Post: Encoding Cascading Style Sheet Strings

    RV here... Cascading Style Sheets provide developers ways to change the UI theme of a website and this provides many opportunities for malicious users to change the UI if the application uses dynamic data inside style tags or in HTML style attributes. Additionally keywords like expression can be used...
  • Blog Post: SSL Redirect – Http Module

    Vineet  Batta here again… Some time back one of our applications was released into production and since the application data was HBI  we were required to protect data both in a rest and a transit. For transit we enabled SSL, that is the link to get to the application will require https ://...
  • Blog Post: Self-Service Identity and Access Management Solution (Easy ID)

    Raju Bhan here, I am a PM on the Information Security Tools team   If you haven’t had a chance to go through my last blog about ensuring identity consistency, please check it out here since Easy ID is an extension of that. Easy ID was created to make email addresses at Microsoft more customer friendly...
Page 1 of 2 (31 items) 12