Browse by Tags

Tagged Content List
  • Blog Post: CAT.NET and our fiscal year end

    At this point in time we are accepting recommendations, suggestions and new features.  However, we do not have any planned updates for the remainder of the fiscal year.  We are going through our FY12 planning and CAT.NET is on the list of requests for next year.  We will know by the end...
  • Blog Post: How To: Use CAT.NET 2.0 Beta

    Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET. You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0 * You must have Visual studio 2010...
  • Blog Post: How To: Use CAT.NET V2.0 Beta

    Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET. You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0 * You must have Visual studio 2010...
  • Blog Post: CAT.NET 2.0 - Beta

    Mark Curphey here… Please to announce a beta of the upcoming CAT.NET 2.0. This beta program will last for approximately 1 month.  The final released version is scheduled to release shortly after VS 2010 RTM.   The goal of this beta program is to garner feedback from the user community...
  • Blog Post: What’s happening with CAT.NET 2.0?

    RV here... Our pre alpha release included a command line tool showcasing newer version of CAT.NET based on tainted data flow analysis engine using Phoenix compiler infrastructure. It also included a configuration analysis engine which was capable of identifying insecure configuration in .config files...
  • Blog Post: How To: Use CAT.NET V2.0 CTP

    Syed Aslam Basha here. I am a tester on the Information Security Tools team responsible for testing CAT.NET v2.0. As the installer name suggests CATNETV20CMD, CAT.NET V2.0 CTP is command line version only. CAT.NET v2.0 CTP analyses assemblies for vulnerabilities and configuration files for misconfigurations...
  • Blog Post: The CAT.NET 2.0 Configuration Analysis Engine

    Maqbool Malik here… One of the most significant update to CAT.NET in v2.0 is the addition of a configuration engine. The goal of the engine is to identify insecure configuration at all layers of the application (configuration files, code level configuration, etc.) which should be remediated prior to...
  • Blog Post: How to Run CAT.NET 2.0 CTP

    RV here... With the new build of CAT.NET available on connect.microsoft.com you must have noticed that the new version includes only a command line tool. We we will be releasing the Visual Studio rules as part of Beta1 release. So lets look at how we can use the command line version to analyze binaries...
  • Blog Post: Web Application Configuration Analyzer – WACA CTP Release Coming Soon

    RV here... Last year we developed an internal tool to review servers for security configuration issues. Microsoft offers several enterprise options for doing this such as Systems Center Configuration Manager but the requirements were for a lightweight stand-alone tool focused towards developers and testers...
  • Blog Post: Implementation Ideas for the CAT.NET 2.0 Tainted Variable Analysis Algorithm

    Andreas Fuchsberger here….. Within the Information Security Tools Group we are now really getting into a redesign of our popular Code Analysis Tool for .NET (CAT.NET). One of the biggest challenges we have is to redesign the engine so that it no longer suffers from an out of memory condition when analyzing...
  • Blog Post: Some Interesting Posts

    Mark Curphey here......( @curphey on Twitter) There is a stack of new interesting videos and posts related to the software security tools we build that I found this week. Ben Livshits video on the architecture of CAT.NET here RV talking about TAM 3.0 here Helen Wang on Gazelle, a Microsoft Research browser...
  • Blog Post: New Build of CAT.NET (Version - 1.1.1.9) – Please Upgrade

    Syed Aslam Basha here…..I am a tester on the Information Security Tools team. There is a new build of CAT.NET Version 1.1.1.9 now available for download on MSDN ( 32 bit here and 64 bit here ). We recommend *ALL* users upgrade to this latest release, a bug fix and minor improvements build. As well as...
  • Blog Post: What’s Coming from the Information Security Tools Team

    Mark Curphey here (Follow me using @curphey on Twitter ). June is a busy time of year around MSFT. For most teams you have a pretty good idea about your budget for the next year (July – July) and the end of year performance review cycle kicks in. You spend most of your time in retrospective of the last...
  • Blog Post: Running CAT.NET as a Custom MSBuild Task

    Syed Aslam Basha here. I am a tester on the Information Security Tools team and responsible for testing CAT.NET. You can run CAT.NET as; A Visual studio add-in From Command prompt As an FXCop rule Lastly, integrated into VSTF Team build as an MSBuild custom task Here am going to describe using CAT.NET...
  • Blog Post: CAT.NET – How Big Do Your Project Files Grow ?

    We are planning a complete re-write of the core CAT.NET engine starting July 1st to get a scalable engine from which we can build on. Building graphs from code is “expensive” hence the OOM issues with the current version. We do it all in memory.. doh! Lot’s of cool features / improvements will be added...
Page 1 of 1 (15 items)