Software Testing (RSS)
Maqbool Malik here… One of the most significant updates to CAT.NET in v2.0 is the addition of a configuration engine. The goal of the engine is to identify insecure configuration at all layers of the application (configuration files, code level configuration,
RV here... With the release of Web Protection Library v1.0 (WPL), Security Runtime Engine (SRE) has been significantly updated. It now includes a SQL Injection Detection module which can detect certain attack vectors. It also includes re-designed configuration
RV here... Last year we developed an internal tool to review servers for security configuration issues. Microsoft offers several enterprise options for doing this such as Systems Center Configuration Manager but the requirements were for a lightweight
Syed Aslam Basha here. I am a tester on the Information Security Tools team. This blog post is in continuation with website performance testing simplified blog post. The final step in performance testing is to narrow down the faulty code which is taking
Syed Aslam Basha here. I am a tester on the Information Security Tools team. To carry out memory leaks testing for one of our applications, I have researched a lot and I thought I would share my experiences and approach I used to benefit everybody. Application
Syed Aslam Basha here. I am a tester on the Information Security Tools team. To carry out performance testing for one of our projects I need to have thousands of users for self hosted domain controller and active directory (AD). It is next to impossible
Syed Aslam Basha here. I am a tester on the Information Security Tools team. As a tester, apart from UI testing I test DB for integrity. Our boss is encouraging us to share tips that save us time on the team so here are a few of mine. In this blog post
RV here... Cascading Style Sheets provide developers ways to change the UI theme of a website and this provides many opportunities for malicious users to change the UI if the application uses dynamic data inside style tags or in HTML style attributes.
Vineet Batta here…. This is a short introduction to the Application Portfolio Management (APM) component of the Connected Information Security Framework or CISF that we hope to reach the CTP milestone in the next 2-3 weeks. The APM component is designed
Andreas Fuchsberger here….. Within the Information Security Tools Group we are now really getting into a redesign of our popular Code Analysis Tool for .NET (CAT.NET). One of the biggest challenges we have is to redesign the engine so that it no longer
Mark Curphey here......( @curphey on Twitter) There is a stack of new interesting videos and posts related to the software security tools we build that I found this week. Ben Livshits video on the architecture of CAT.NET here RV talking about TAM 3.0
Syed Aslam Basha here…..I am a tester on the Information Security Tools team. As such I often find myself needing to test new tools being developed that plug-in to Visual Studio. Most of us have probably done some debugging, but debugging an Add-in in