The Information Security Tools (IST) team has released the InfoSec Assessment & Protection (A&P) Suite. The suite is made up of a technology stack of protection and assessment tools. Anil Revuru (RV) and Mark Curphey in their recent podcast, “Assessment and Protection Suite” introduce what’s in store for the future for the A&P Suite.
The A&P Suite includes:
Protection Tools:
- Web Protection Library (WPL) will act as an umbrella for several libraries and runtime modules which include:
- Anti-XSS - The Microsoft Anti-Cross Site Scripting Library v3.1 (Anti-XSS V3.1) is an encoding library designed to help developers protect their ASP.NET web-based applications from XSS attacks.
- SRE – Packaged together with Anti-XSS when downloaded. Helps prevent XSS and SQL injection attacks, but instead of having to make changes to the code (which is manual and costly), a user makes changes to the application configuration and not the code (white list/black list).
You can get more details on WPL as Anil Revuru (RV) in his video, “Enhanced Web Protection Library” discusses the expansion of what used to be the Anti-XSS Library.
Assessment Tools:
- Code Analysis Tool for .NET (CAT.NET) is a managed code security source code scanning tool. This has been totally rewritten.
- Web Application Configuration Analyzer (WACA) designed to scan your development environment against best practices for .NET security configuration, IIS settings, SQL Server Security best practices and some Windows permission settings.
A&P Suite overview:
To download these tools for free, you will need to register on the Connect site. Once you’ve registered, you can download the tools below directly. Get the latest on the A&P Suite on the IST Blog.
Download, A&P Suite will include:
CAT.NET 2.0 CTP
WPL 1.0 CTP
WACA 1.0 CTP
-Todd
