Tagged Content List
  • Blog Post: How To: Use CAT.NET 2.0 Beta

    Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET. You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0 * You must have Visual Studio 2010...
  • Blog Post: How To: Use CAT.NET V2.0 Beta

    Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET. You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0 * You must have Visual Studio 2010...
  • Blog Post: How To: View The Header of an EXE/DLL

    Syed Aslam Basha here. I am a tester on the Information Security Tools Team. At times we may want to know the target platform (i.e. x86 or x64) of an EXE/DLL. Visual Studio provides a corflags.exe tool to identify the target platform. Launch Visual Studio command prompt in admin mode. Type CorFlags Assembly...
  • Blog Post: Delay Between Actions Feature in CUIT

    Syed Aslam Basha here. I am a tester on the Information Security Tools Team. The CUIT code is executed at a very fast pace; at times you may want to execute the code a bit slow or with a delay between actions. We have playback API which helps to achieve this as shown below: Playback.PlaybackSettings...
  • Blog Post: How To: Data Drive CUIT Scripts

    Syed Aslam Basha here. I am a tester on the Information Security Tools Team. One of the major features for any automation tool is support for data driven test cases; CUIT too supports data driven testing. Let me show an example of data driving CUIT scripts. Suppose you want to validate login feature...
  • Blog Post: How To: Customize CUIT scripts

    Syed Aslam Basha here. I am a tester on the Information Security Tools Team. In the previous blog posts I have shown how to automate functional test cases using CUIT and adding check points/assertions to CUITs. Let's see with an example “how to customize the CUIT scripts”. Let's take a close look...
  • Blog Post: How Do I: Configure Runtime Version

    Syed Aslam Basha here. I am a tester on the Information Security Tools Team. At times I need to test an application with different versions of the .NET framework. You can configure the application config file to force the application to use the .NET version specified in the config file. For example...
  • Blog Post: How To: Add Assertions in Coded UI Tests

    Syed Aslam Basha here. I am a tester on the Information Security Tools Team. As continuation to my previous post, I want to show how to add assertions to coded UI test scripts. An example may be that after launching a portal site you want to validate the user name. Press enter after this.UIMap.LaunchPortalSite...
  • Blog Post: How To: Functional Testing Automation Using Visual Studio 2010

    Syed Aslam Basha here. I am a tester on the Information Security Tools Team. I want to share my first-hand experience of automating functional test cases using coded UI Test, a feature in Visual Studio (VS) 2010, in my next couple of blog posts. In this blog post I will show an example of recording...
  • Blog Post: How To: Use CAT.NET V2.0 CTP

    Syed Aslam Basha here. I am a tester on the Information Security Tools team responsible for testing CAT.NET v2.0. As the installer name suggests CATNETV20CMD, CAT.NET V2.0 CTP is command line version only. CAT.NET v2.0 CTP analyses assemblies for vulnerabilities and configuration files for misconfigurations...
  • Blog Post: How To: Turn off Strong Name Validation

    Syed Aslam Basha here. I am a tester on the Information Security Tools team. In one of my testing projects I faced the issue of “strong name validation failed” for an assembly and had to figure out a way to turn off strong name validation so that I could carry out testing on the given assembly while...
  • Blog Post: The CAT.NET 2.0 Configuration Analysis Engine

    Maqbool Malik here… One of the most significant updates to CAT.NET in v2.0 is the addition of a configuration engine. The goal of the engine is to identify insecure configuration at all layers of the application (configuration files, code level configuration, etc.) which should be remediated prior to...
  • Blog Post: How to Configure WPL v1.0 SRE

    RV here... With the release of Web Protection Library v1.0 (WPL), the Security Runtime Engine (SRE) has been significantly updated. It now includes a SQL Injection Detection module which can detect certain attack vectors. It also includes a re-designed configuration editor which enables you to easily configure...
  • Blog Post: Web Application Configuration Analyzer – WACA CTP Release Coming Soon

    RV here... Last year we developed an internal tool to review servers for security configuration issues. Microsoft offers several enterprise options for doing this such as Systems Center Configuration Manager but the requirements were for a lightweight stand-alone tool focused towards developers and testers...
  • Blog Post: How To: Use VSTS Code Profiler

    Syed Aslam Basha here. I am a tester on the Information Security Tools team. This blog post is in continuation with website performance testing simplified blog post. The final step in performance testing is to narrow down the faulty code which is taking a lot of time or memory or CPU usage. I will show...
  • Blog Post: How To: Identify Memory Leaks In An Unmanaged Application

    Syed Aslam Basha here. I am a tester on the Information Security Tools team. To carry out memory leaks testing for one of our applications, I have researched a lot and I thought I would share my experiences and approach I used to benefit everybody. Application details: My application under test is a DLL...
  • Blog Post: How To: Adding Lots of Users To AD To Setup Testing Environments

    Syed Aslam Basha here. I am a tester on the Information Security Tools team. To carry out performance testing for one of our projects I need to have thousands of users for self hosted domain controller and Active Directory (AD). It is next to impossible to create thousands of users manually. Interestingly...
  • Blog Post: Some Useful SQL Queries for Software Testers

    Syed Aslam Basha here. I am a tester on the Information Security Tools team. As a tester, apart from UI testing I test DB for integrity. Our boss is encouraging us to share tips that save us time on the team so here are a few of mine. In this blog post I want to highlight some SQL queries I use all the...
  • Blog Post: Encoding Cascading Style Sheet Strings

    RV here... Cascading Style Sheets provide developers ways to change the UI theme of a website and this provides many opportunities for malicious users to change the UI if the application uses dynamic data inside style tags or in HTML style attributes. Additionally keywords like expression can be used...
  • Blog Post: Application Portfolio Management (APM)

    Vineet Batta here… This is a short introduction to the Application Portfolio Management (APM) component of the Connected Information Security Framework or CISF that we hope to reach the CTP milestone in the next 2-3 weeks. The APM component is designed to let you couple this lightweight application...
  • Blog Post: Implementation Ideas for the CAT.NET 2.0 Tainted Variable Analysis Algorithm

    Andreas Fuchsberger here….. Within the Information Security Tools Group we are now really getting into a redesign of our popular Code Analysis Tool for .NET (CAT.NET). One of the biggest challenges we have is to redesign the engine so that it no longer suffers from an out of memory condition when analyzing...
  • Blog Post: Some Interesting Posts

    Mark Curphey here......( @curphey on Twitter) There is a stack of new interesting videos and posts related to the software security tools we build that I found this week. Ben Livshits video on the architecture of CAT.NET here RV talking about TAM 3.0 here Helen Wang on Gazelle, a Microsoft Research browser...
  • Blog Post: Debugging Addins in Visual Studio

    Syed Aslam Basha here… I am a tester on the Information Security Tools team. As such I often find myself needing to test new tools being developed that plug-in to Visual Studio. Most of us have probably done some debugging, but debugging an Add-in in Visual Studio poses some challenges. This is how...