• Security Tools

    How To: Use CAT.NET V2.0 CTP

    • 0 Comments
    Syed Aslam Basha here. I am a tester on the Information Security Tools team responsible for testing CAT.NET v2.0. As the installer name suggests CATNETV20CMD, CAT.NET V2.0 CTP is command line version only. CAT.NET v2.0 CTP analyses assemblies for vulnerabilities...
  • Security Tools

    How To: Turn off Strong Name Validation

    • 0 Comments
    Syed Aslam Basha here. I am a tester on the Information Security Tools team. In one of my  testing projects I faced the issue of “strong name validation failed” for an assembly and had to figure out a way to turn off strong name validation so that...
  • Security Tools

    WCF Security – Impersonation

    • 0 Comments
    Hi, Gaurav Sharma here, I’m a developer with the Information Security Tools (IST) team. In today’s post I’ll concentrate on the topic of Impersonation in WCF.  Impersonation By definition , Impersonation is the act of assuming a different identity...
  • Security Tools

    The CAT.NET 2.0 Configuration Analysis Engine

    • 0 Comments
    Maqbool Malik here… One of the most significant update to CAT.NET in v2.0 is the addition of a configuration engine. The goal of the engine is to identify insecure configuration at all layers of the application (configuration files, code level configuration...
  • Security Tools

    How to Configure WPL v1.0 SRE

    • 3 Comments
    RV here... With the release of Web Protection Library v1.0 (WPL) Security Runtime Engine (SRE) has been significantly updated. It now includes a SQL Injection Detection module which can detect certain attack vectors. It also include re-designed configuration...
  • Security Tools

    How to Run CAT.NET 2.0 CTP

    • 3 Comments
    RV here... With the new build of CAT.NET available on connect.microsoft.com you must have noticed that the new version includes only a command line tool. We we will be releasing the Visual Studio rules as part of Beta1 release. So lets look at how we...
  • Security Tools

    WPL at SecurityBytes in India

    • 0 Comments
    If you want to come hear Anil Chintala (one of the developers on Anti-XSS) speak about the new WPL you can catch him at the OWASP / SecurityBytes conference in New Delhi later this week. http://www.securitybyte.org/   It’s being opened by the former...
  • Security Tools

    Some New Software Security Tools for Web Developers – (CTP Releases)

    • 6 Comments
    Curphey here…..(follow me on Twitter @curphey if you want the breaking news!) My wife keeps telling me I work too much. Maybe I do, maybe I don’t but if I do I am not alone. Some folks on my team have been doing some super-human stuff and we are ready...
  • Security Tools

    Forefront Identity Manager 2010 (FIM 2010) Data Cache

    • 0 Comments
    Hi, Syam Pinnaka here. I am a Sr. SDE on the Information Security Tools Team. In one of the recent projects there is a requirement to build an audit trail of “Group” object related activities in Forefront Identity Manager 2010 (FIM 2010). FIM provides...
  • Security Tools

    Web Application Configuration Analyzer – WACA CTP Release Coming Soon

    • 0 Comments
    RV here... Last year we developed an internal tool to review servers for security configuration issues. Microsoft offers several enterprise options for doing this such as Systems Center Configuration Manager but the requirements were for a lightweight...
  • Security Tools

    How To: Web Service Load Testing Using VSTS 2010

    • 0 Comments
    Syed Aslam Basha here. I am a tester on the Information Security Tools team. Apart from performance testing for web sites, I have done load testing on web services for many of our projects. I will show how to create a web test for web service using Visual...
  • Security Tools

    How To: Use Perfmon in Windows 7

    • 0 Comments
    Syed Aslam Basha here. I am a tester on the Information Security Tools team. This blog post is in continuation with How To: Identify Memory Leaks In An Unmanaged Application blog post. I will show how to setup perfmon to collect data for the selected...
  • Security Tools

    Double Hop Windows Authentication with IIS Hosted WCF Service

    • 0 Comments
    Hello, Randy Evans here.  I am a principal developer on the Information Security Tools Team.  In a recent project, we had a intranet web site that called an IIS hosted WCF service.  The WCF service, in turn, called a SQL Server Reporting...
  • Security Tools

    Normal Service Will Resume Soon

    • 0 Comments
    The coding fairies are been busy crafting code. Blogging (and maybe even Tweeting if there is a demand) will return soon and well have a few nice CTP’s for you to play with over the next few weeks. Look for news about; CAT.NET 2.0 CTP – Rebuilt from the...
  • Security Tools

    How To: Use VSTS Code Profiler

    • 0 Comments
    Syed Aslam Basha here. I am a tester on the Information Security Tools team. This blog post is in continuation with website performance testing simplified blog post. The final step in performance testing is to narrow down the faulty code which is taking...
  • Security Tools

    Web Protection Library – CTP Release Coming Soon

    • 0 Comments
    RV here... Over the last couple of months we have been actively developing the next version of Anti-XSS library and Security Runtime Engine (SRE). We have added new mitigations that go way beyond the original Cross Site Scripting (XSS) protections of...
  • Security Tools

    How to Integrate Risk Tracker with Internal HR Feeds

    • 0 Comments
    Hi, Vineet Batta here. I’m a senior software developer on the Information Security Tools (IST) team. In my last blog I shared details on features of the Risk Tracker application focusing on the Risk Management module. Today, I will help customers who...
  • Security Tools

    InfoPath Forms submission to a SharePoint Library – Part 2

    • 0 Comments
    Hi, Aravindhan Rajagopal here. I am a developer on the Information Security Tools team. This post continues form my previous blog ( Part 1 here) on InfoPath form submission to SharePoint...Lets go through the web service creation and form submission methods...
  • Security Tools

    InfoPath Forms submission to a SharePoint library – Part 1

    • 0 Comments
    Hi, Aravindhan Rajagopal here. I am a developer on the Information Security Tools team. In this blog, I will explain InfoPath form submission to SharePoint methods and some work-arounds for a specific scenarios explained below. I will begin with a sample...
  • Security Tools

    C# Generics

    • 0 Comments
    Hello, I am Syam Pinnaka, I am a developer in Infosec tools team. In this blog post lets recap some information about C# Generics. One of the problems with OOP is “code bloat”. One type of code bloat occurs when a function or a set of methods in a class...
  • Security Tools

    SQL Server 2008 Security - Policy Example

    • 0 Comments
    Hi, Gaurav Sharma here, I’m a developer with the Information Security Tools (IST) team. A few months ago I posted a blog, SQL Policy Based Management (PBM) and posted a follow up introductory “ How Do I” video on the same topic. Since then I’ve received...
  • Security Tools

    Risk Tracker v1.0 Release

    • 0 Comments
    Hi, Vineet Batta here. I’m a senior software developer on the Information Security Tools (IST) team. I’m excited to share the release of Risk Tracker version 1.0. In this blog post I will give you a quick overview of the features supported by this...
  • Security Tools

    Dynamically Load Web Controls at Run Time

    • 0 Comments
    Hi, Randy Evans here. I’m a principal developer on the Information Security Tools team. On one of our projects we had a requirement to dynamically load different web parts into a web page at run time. The challenge was that the specific web part needing...
  • Security Tools

    Anti-XSS Library v3.1 Released!

    • 0 Comments
    The Microsoft Information Security Tools (IST) team has released the latest Microsoft Anti-Cross Site Scripting (Anti-XSS) Library version 3.1 .  Read more about Anti-XSS v3.1 on the Information Security blog and watch the video, “ Anti-XSS 3.0 Released...
  • Security Tools

    Introducing the Connected Information Security Framework and Risk Tracker

    • 0 Comments
    The Microsoft Information Security Tools (IST) team has released the Connected Information Security Framework (CISF) , a software development framework comprises of API’s and reusable components that is designed to ‘create bespoke or custom information...
Page 2 of 5 (109 items) 12345