Information Security Tools
The CAT.NET 2.0 Configuration Analysis Engine
Maqbool Malik here… One of the most significant updates to CAT.NET in v2.0 is the addition of a configuration engine. The goal of the engine is to identify insecure configuration at all layers of the application (configuration files, code level configuration, Read More...
How to Configure WPL v1.0 SRE
RV here... With the release of Web Protection Library v1.0 (WPL), the Security Runtime Engine (SRE) has been significantly updated. It now includes a SQL Injection Detection module which can detect certain attack vectors. It also includes re-designed configuration Read More...
How to Run CAT.NET 2.0 CTP
RV here... With the new build of CAT.NET available on connect.microsoft.com you must have noticed that the new version includes only a command line tool. We will be releasing the Visual Studio rules as part of Beta1 release. So let's look at how we Read More...
Web Application Configuration Analyzer – WACA CTP Release Coming Soon
RV here... Last year we developed an internal tool to review servers for security configuration issues. Microsoft offers several enterprise options for doing this such as Systems Center Configuration Manager but the requirements were for a lightweight Read More...
Double Hop Windows Authentication with IIS Hosted WCF Service
Hello, Randy Evans here. I am a principal developer on the Information Security Tools Team. In a recent project, we had an intranet web site that called an IIS hosted WCF service. The WCF service, in turn, called a SQL Server Reporting Read More...
Normal Service Will Resume Soon
The coding fairies have been busy crafting code. Blogging (and maybe even Tweeting if there is a demand) will return soon and we'll have a few nice CTPs for you to play with over the next few weeks. Look for news about: CAT.NET 2.0 CTP – Rebuilt from the Read More...
How To: Use VSTS Code Profiler
Syed Aslam Basha here. I am a tester on the Information Security Tools team. This blog post is in continuation with website performance testing simplified blog post. The final step in performance testing is to narrow down the faulty code which is taking Read More...
Web Protection Library – CTP Release Coming Soon
RV here... Over the last couple of months we have been actively developing the next version of Anti-XSS library and Security Runtime Engine (SRE). We have added new mitigations that go way beyond the original Cross Site Scripting (XSS) protections of Read More...
SQL Server 2008 Security - Policy Example
Hi, Gaurav Sharma here, I’m a developer with the Information Security Tools (IST) team. A few months ago I posted a blog, SQL Policy Based Management (PBM) and posted a follow up introductory “How Do I” video on the same topic. Since then I’ve received Read More...
Anti-XSS Library v3.1 Released!
The Microsoft Information Security Tools (IST) team has released the latest Microsoft Anti-Cross Site Scripting (Anti-XSS) Library version 3.1. Read more about Anti-XSS v3.1 on the Information Security blog and watch the video, “Anti-XSS 3.0 Released Read More...
Automating Windows Firewall settings with C# (part 2)
Hi Vamsy here. I am an Operations Engineer in the Information Security Team. In my previous post, I have described automating Windows Firewall Settings with C#. As promised in the previous post, I will describe the tool I call Windows Firewall Read More...
HTML Sanitization in Anti-XSS Library
RV here... For a while now, I have been talking about various types of encodings and how they protect web applications from cross site scripting attacks. In most cases input is simply passed through AntiXss.HtmlEncode or similar methods to transform it Read More...
Sharing Master Pages in Multiple Projects
Hi Anil Chintala here. I am working on a requirement for a Portal, which is to share the look and feel of the portal by multiple web applications seamlessly and without any rework. I started doing some prototyping work and writing up some scenarios we Read More...
Application Health Monitoring (in ASP.NET 2.0 and above)
Vineet Batta here, A little known but excellent feature of ASP.NET is its ability to give support teams the ability to monitor the health of ASP.NET applications. In this article I will dwell on out of box features. No custom classes or code to be written. Read More...
Hash Functions in .NET – Right Tool for the Right Job
Hi, Chetan Bhat here. I’m a developer with the Security Tools Team. In this post I will talk about common mistakes developers make when using hash functions. Any hash function is required to meet the following two requirements. It must be easy to Read More...