CISG
Things have been quiet on the blog for a while. There is a LOT of code being cranked out at the moment as we work towards some deadlines in the summer on various projects. Our team name has also changed from the Connected Information Security Group (CISG)
We now have a discussion forum for users of CAT.NET. There is no official support for these tools but you can ask questions and we will try to help wherever we can! CAT.NET - http://social.msdn.microsoft.com/Forums/en-US/catnet/threads/ Anti-XSS - http://www.codeplex.com/AntiXSS/Thread/List.asp
Event Overview: In this webcast, we provide an overview of what static code analysis is and typical coding errors that static analysis can and cannot detect. We also look at the recently released CAT.NET tool and how it helps with the detection of security
Hi, Anil Chintala here… In this post I wanted to talk about the new Test Harness application which was released as part of the AntiXSS V3.0 Beta and is available as a free download on MSDN with source code available for download on CodePlex. Test
Hi, Andreas Fuchsberger here..... It is important to understand what happens when CAT.NET builds its Call Flow Super Graphs. We use a CCI object called CciControlGraph to build a Control Flow Graph for each method and each method call we find in the Common
Language(s): English. Product(s): Security. Audience(s): Developer. Duration: 60 Minutes. Start Date: Friday, January 09, 2009 12:00 PM Pacific Time (US & Canada)
Guest post by Ben Livshits of Microsoft Research here.... In the last several years we have seen a proliferation of static (and sometimes runtime) analysis tools for finding web application vulnerabilities. Companies such as Fortify, Ounce Labs, Klocwork,
Hi Andreas Fuchsberger here again...... How does CAT.NET work? As I mentioned in Part 1 here, CAT.NET is an information-flow type static analysis tool using an implementation of tainted-variable analysis. Tainted-variable analysis is an integrity problem
Hi Andreas Fuchsberger here … To coincide with the CTP release of CAT.NET and Anti-XSS, within the CISG we have been taking a long hard look at static analysis tools for developers and Information Security professionals. Over the next series of
Download CAT.NET CTP (32 bit here and 64 bit here). Anti-XSS was not affected, but for completeness: Download Anti-XSS 3.0 Beta (here and source code here). Our sincere apologies.
Hi Gaurav Sharma here with more information about SecureStrings. This time I'll cover the following topics: SecureString internals; Performance. Let us start with our first topic, SECURE STRING INTERNALS. BASICS: Class Name: SecureString; Assembly: mscorlib.dll
RV again... Last time around we looked at SRE from a conceptual perspective, this time let's look at it from a code perspective. Let's trace the program flow and understand in depth what SRE code does. SRE is a HttpModule, the main class file is AntiXssModule.cs
RV here again... Traditionally security fixes are applied to specific pieces of code where a vulnerability exists which usually involves some development and testing effort. Imagine a system where an application is instantly secured by simple configuration.
Hi RV here again... Last time I looked at ASP.NET controls and a few common scenarios where you need to use encoding. A couple of weeks back we looked at a sample data binding scenario. This time let's exclusively look at various ASP.NET data binding techniques
Hi Vineet Batta here.... Background: Programs written for .NET are relatively easy to reverse engineer. You can use free tools like Lutz Roeder's .NET Reflector to load .NET assemblies and view all the code (IL) contained within them. This is not in any