• Security Tools

    Some New Software Security Tools for Web Developers – (CTP Releases)

    • 6 Comments
    Curphey here…..(follow me on Twitter @curphey if you want the breaking news!) My wife keeps telling me I work too much. Maybe I do, maybe I don’t but if I do I am not alone. Some folks on my team have been doing some super-human stuff and we are ready...
  • Security Tools

    CAT.NET – How Big Do Your Project Files Grow ?

    • 4 Comments
    We are planning a complete re-write of the core CAT.NET engine starting July 1st to get a scalable engine from which we can build on. Building graphs from code is “expensive” hence the OOM issues with the current version. We do it all in memory.. doh...
  • Security Tools

    How to Verify the Validity of IIS Certificates on Remote Servers Using ABO

    • 3 Comments
    Nawal Kishore Gupta here. I am a developer on the Information Security Tools team focused on building host security assessment tools. IIS: Admin Base Objects (ABO) ABO is the most powerful way to control the IIS meta-base settings on different IIS Versions...
  • Security Tools

    New Build of CAT.NET (Version - 1.1.1.9) – Please Upgrade

    • 3 Comments
    Syed Aslam Basha here…..I am a tester on the Information Security Tools team. There is a new build of CAT.NET Version 1.1.1.9 now available for download on MSDN ( 32 bit here and 64 bit here ). We recommend *ALL* users upgrade to this latest release,...
  • Security Tools

    How to Run CAT.NET 2.0 CTP

    • 3 Comments
    RV here... With the new build of CAT.NET available on connect.microsoft.com you must have noticed that the new version includes only a command line tool. We will be releasing the Visual Studio rules as part of Beta1 release. So let's look at how we...
  • Security Tools

    How to Configure WPL v1.0 SRE

    • 3 Comments
    RV here... With the release of Web Protection Library v1.0 (WPL), Security Runtime Engine (SRE) has been significantly updated. It now includes a SQL Injection Detection module which can detect certain attack vectors. It also includes re-designed configuration...
  • Security Tools

    LDAP Injection and Mitigation

    • 2 Comments
    RV here... The Lightweight Directory Access Protocol (LDAP) API provides a mechanism for connecting to, searching, and modifying internet directories. An LDAP (Lightweight Directory Access Protocol) injection attack exploits vulnerabilities in input validation...
  • Security Tools

    Transparent Data Encryption (TDE) : Encrypting Data at Rest

    • 2 Comments
    Vineet Batta here…..I am a senior software development engineer in the Information Security Tools team at Microsoft. Today I am going to share my experiences on encrypting data at rest. Most organizations want to secure their HBI (High Business Impact...
  • Security Tools

    How to Get All User Members From Nested Security Groups in Active Directory Using .NET and C#

    • 1 Comments
    Hello, Randy Evans here. I am a principal developer on the Information Security Tools team. In a recent project, we found it necessary to get collections of users from security groups defined in Active Directory (AD). It is common practice for security...
  • Security Tools

    Object.GetHashCode()

    • 1 Comments
    Gaurav Sharma here, I’m a developer with the Information Security Tools team. Today I want to share something about FCL’s GetHashCode method. System.Object provides a virtual GetHashCode method so that an Int32 hash code can be obtained for any and all...
  • Security Tools

    SSL Redirect – Http Module

    • 1 Comments
    Vineet Batta here again… Some time back one of our applications was released into production and since the application data was HBI we were required to protect data both at rest and in transit. For transit we enabled SSL, that is the link...
  • Security Tools

    What’s Coming from the Information Security Tools Team

    • 1 Comments
    Mark Curphey here (Follow me using @curphey on Twitter ). June is a busy time of year around MSFT. For most teams you have a pretty good idea about your budget for the next year (July – July) and the end of year performance review cycle kicks in. You...
  • Security Tools

    Free PDF Download of “Beautiful Security” Chapter (Tomorrows Security Cogs and Levers) Here

    • 1 Comments
    Mark Curphey here …(@curphey on Twitter) A few months ago I got an opportunity to work on a collaborative security book for O’Reilly called Beautiful Security. The concept was to gather together some folks to share their thoughts on information security...
  • Security Tools

    Understanding False Positives When using CAT.NET

    • 1 Comments
    Andreas Fuchsberger here… As CAT.NET performs its static analysis, it attempts to approximate the application's data flow which occurs at runtime. When there is a question as to whether the approximation is accurate, the engine errs on the side of caution...
  • Security Tools

    Running CAT.NET as a Custom MSBuild Task

    • 1 Comments
    Syed Aslam Basha here. I am a tester on the Information Security Tools team and responsible for testing CAT.NET. You can run CAT.NET as: a Visual Studio add-in; from the command prompt; as an FxCop rule; lastly, integrated into VSTF Team build as an MSBuild...
  • Security Tools

    Welcome to the Microsoft IT Information Security Tools Team Blog

    • 1 Comments
    We used to be called the Connected Information Security Group (CISG). The name change reflects an increased scope of tools that we are building and areas that we are focusing on so we have updated the blog URL. We'll leave all the content on the old blog...
  • Security Tools

    Securing Databases with Policy Based Management

    • 1 Comments
    Hi, Gaurav Sharma here, A few months back I was reading an article about new features in SQL Server 2008 and it was the first time I had heard anything about Policy Based Management or PBM. PBM is a new feature introduced with SQL Server 2008 which lets...
  • Security Tools

    Automating Windows Firewall Settings with C#

    • 1 Comments
    Hi Vamsy here. I am a Developer in Information Security Tools Team. I have done some work on automating Windows Firewall settings using C# and wanted to share what I learnt. In this post, I am going to demonstrate how to programmatically access the following...
  • Security Tools

    Encoding Cascading Style Sheet Strings

    • 0 Comments
    RV here... Cascading Style Sheets provide developers ways to change the UI theme of a website and this provides many opportunities for malicious users to change the UI if the application uses dynamic data inside style tags or in HTML style attributes...
  • Security Tools

    How to Manage a Product Backlog with Visual Studio Team System 2008

    • 0 Comments
    Hi this is Marius Grigoriu, Program Manager of Risk Tracker and our BI system--which will both be introduced at a later time. Today I am going to share how I track and manage projects and requirements. Both my teams are Agile teams and use product backlogs...
  • Security Tools

    Hash Functions in .NET – Right Tool for the Right Job

    • 0 Comments
    Hi, Chetan Bhat here. I’m a developer with the Security Tools Team. In this post I will talk about common mistakes developers make when using hash functions. Any hash function is required to meet the following two requirements. It must be easy to...
  • Security Tools

    Application Health Monitoring (in ASP.NET 2.0 and above)

    • 0 Comments
    Vineet Batta here. A little known but excellent feature of ASP.NET is its ability to give support teams the ability to monitor the health of ASP.NET applications. In this article I will dwell on out of box features. No custom classes or code to be written...
  • Security Tools

    Sharing Master Pages in Multiple Projects

    • 0 Comments
    Hi Anil Chintala here. I am working on a requirement for a Portal, which is to share the look and feel of the portal by multiple web applications seamlessly and without any rework. I started doing some prototyping work and writing up some scenarios we...
  • Security Tools

    HTML Sanitization in Anti-XSS Library

    • 0 Comments
    RV here... For a while now, I have been talking about various types of encodings and how they protect web applications from cross site scripting attacks. In most cases input is simply passed through AntiXss.HtmlEncode or similar methods to transform it...
  • Security Tools

    How To Publish an ASP.NET Website from a Command Line

    • 0 Comments
    Syed Aslam Basha here. I am a tester on the Information Security Tools team. To test the tools which we develop on the team, at times I need to build a website and publish it. I use a simple way of publishing websites from the command line that saves...