Browse by Tags

Tagged Content List
  • Blog Post: Silverlight 3.0 Datagrid - How to change a cell state?

    Hi Syam Pinnaka, Sr. SDE in Infosec tools team. Silverlight 3.0 datagrid can be used to bind to any enumerable collection and display the data in the grid. The data changes in the grid can be propagated back to the bound data using a special type in Silverlight called ObservableCollection. We will discuss...
  • Blog Post: How To: Use CAT.NET 2.0 Beta

    Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET. You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0 * You must have Visual Studio 2010...
  • Blog Post: How To: Use CAT.NET V2.0 Beta

    Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET. You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0 * You must have Visual Studio 2010...
  • Blog Post: CAT.NET 2.0 - Beta

    Mark Curphey here… Pleased to announce a beta of the upcoming CAT.NET 2.0. This beta program will last for approximately 1 month. The final released version is scheduled to release shortly after VS 2010 RTM. The goal of this beta program is to garner feedback from the user community...
  • Blog Post: Delay Between Actions Feature in CUIT

    Syed Aslam Basha here. I am a tester on the Information Security Tools Team. The CUIT code is executed at a very fast pace, at times you may want to execute the code a bit slow or with a delay between actions. We have playback API which helps to achieve this as shown below; Playback.PlaybackSettings...
  • Blog Post: How To: Data Drive CUIT Scripts

    Syed Aslam Basha here. I am a tester on the Information Security Tools Team. One of the major features for any automation tool is support for data driven test cases, CUIT too supports data driven testing. Let me show an example of data driving CUIT scripts. Suppose you want to validate login feature...
  • Blog Post: How To: Customize CUIT scripts

    Syed Aslam Basha here. I am a tester on the Information Security Tools Team. In the previous blog posts I have shown how to automate functional test cases using CUIT and adding check points/assertions to CUITs. Let's see with an example “how to customize the CUIT scripts”. Let's take a close look...
  • Blog Post: How Do I: Configure Runtime Version

    Syed Aslam Basha here. I am a tester on the Information Security Tools Team. At times I need to test an application with different versions of the .NET framework. You can configure the application config file to force the application to use the .NET version specified in the config file. For example...
  • Blog Post: How To: Functional Testing Automation Using Visual Studio 2010

    Syed Aslam Basha here. I am a tester on the Information Security Tools Team. I want to share my first-hand experience of automating functional test cases using coded UI Test, a feature in Visual Studio (VS) 2010 in my next couple of blog posts. In this blog post I will show an example of recording...
  • Blog Post: WCF Authorization with Custom Principal

    Hi, I am Syam Pinnaka, Sr. SDE in InfoSec tools team. In AuthZ component of CISF, we have a requirement to perform authorization checks in a WCF service. Since CISF AuthZ module has a custom implementation of IPrincipal called CISFPrincipal, it looks a little tricky to use the CISFPrincipal in a WCF...
  • Blog Post: What’s happening with CAT.NET 2.0?

    RV here... Our pre-alpha release included a command line tool showcasing a newer version of CAT.NET based on tainted data flow analysis engine using Phoenix compiler infrastructure. It also included a configuration analysis engine which was capable of identifying insecure configuration in .config files...
  • Blog Post: How To: Use CAT.NET V2.0 CTP

    Syed Aslam Basha here. I am a tester on the Information Security Tools team responsible for testing CAT.NET v2.0. As the installer name suggests CATNETV20CMD, CAT.NET V2.0 CTP is command line version only. CAT.NET v2.0 CTP analyses assemblies for vulnerabilities and configuration files for misconfigurations...
  • Blog Post: WCF Security – Impersonation

    Hi, Gaurav Sharma here, I’m a developer with the Information Security Tools (IST) team. In today’s post I’ll concentrate on the topic of Impersonation in WCF. Impersonation: By definition, Impersonation is the act of assuming a different identity on a temporary basis so that a different security...
  • Blog Post: The CAT.NET 2.0 Configuration Analysis Engine

    Maqbool Malik here… One of the most significant updates to CAT.NET in v2.0 is the addition of a configuration engine. The goal of the engine is to identify insecure configuration at all layers of the application (configuration files, code level configuration, etc.) which should be remediated prior to...
  • Blog Post: How to Configure WPL v1.0 SRE

    RV here... With the release of Web Protection Library v1.0 (WPL), Security Runtime Engine (SRE) has been significantly updated. It now includes a SQL Injection Detection module which can detect certain attack vectors. It also includes a re-designed configuration editor which enables you to easily configure...
  • Blog Post: How to Run CAT.NET 2.0 CTP

    RV here... With the new build of CAT.NET available on connect.microsoft.com you must have noticed that the new version includes only a command line tool. We will be releasing the Visual Studio rules as part of Beta1 release. So let's look at how we can use the command line version to analyze binaries...
  • Blog Post: Web Application Configuration Analyzer – WACA CTP Release Coming Soon

    RV here... Last year we developed an internal tool to review servers for security configuration issues. Microsoft offers several enterprise options for doing this such as Systems Center Configuration Manager but the requirements were for a lightweight stand-alone tool focused towards developers and testers...
  • Blog Post: Double Hop Windows Authentication with IIS Hosted WCF Service

    Hello, Randy Evans here. I am a principal developer on the Information Security Tools Team. In a recent project, we had an intranet web site that called an IIS hosted WCF service. The WCF service, in turn, called a SQL Server Reporting Services (SSRS) web service. We wanted to utilize...
  • Blog Post: How To: Use VSTS Code Profiler

    Syed Aslam Basha here. I am a tester on the Information Security Tools team. This blog post is in continuation with website performance testing simplified blog post. The final step in performance testing is to narrow down the faulty code which is taking a lot of time or memory or CPU usage. I will show...
  • Blog Post: Web Protection Library – CTP Release Coming Soon

    RV here... Over the last couple of months we have been actively developing the next version of Anti-XSS library and Security Runtime Engine (SRE). We have added new mitigations that go way beyond the original Cross Site Scripting (XSS) protections of the Anti-XSS Library hence the change in name to the...
  • Blog Post: InfoPath Forms submission to a SharePoint Library – Part 2

    Hi, Aravindhan Rajagopal here. I am a developer on the Information Security Tools team. This post continues from my previous blog (Part 1 here) on InfoPath form submission to SharePoint... Let's go through the web service creation and form submission methods specific to the scenario where custom codes...
  • Blog Post: InfoPath Forms submission to a SharePoint library – Part 1

    Hi, Aravindhan Rajagopal here. I am a developer on the Information Security Tools team. In this blog, I will explain InfoPath form submission to SharePoint methods and some work-arounds for specific scenarios explained below. I will begin with a sample InfoPath form creation, web service creation for...
  • Blog Post: C# Generics

    Hello, I am Syam Pinnaka, I am a developer in Infosec tools team. In this blog post let's recap some information about C# Generics. One of the problems with OOP is “code bloat”. One type of code bloat occurs when a function or a set of methods in a class are overloaded to support many different data types...
  • Blog Post: Dynamically Load Web Controls at Run Time

    Hi, Randy Evans here. I’m a principal developer on the Information Security Tools team. On one of our projects we had a requirement to dynamically load different web parts into a web page at run time. The challenge was that the specific web part needing to be loaded was determined by the user’s action...
  • Blog Post: Anti-XSS Library v3.1 Released!

    The Microsoft Information Security Tools (IST) team has released the latest Microsoft Anti-Cross Site Scripting (Anti-XSS) Library version 3.1. Read more about Anti-XSS v3.1 on the Information Security blog and watch the video, “Anti-XSS 3.0 Released,” as Vineet Batta and Anil Revuru (RV), Senior...