Security Deployment Inspection Using Office.

I am a big fun of small time savers to be more productive.

JD has the whole category for Effectiveness tag - worth checking on these gems.

So I am looking always how to reuse my practices across disciplines

I am trying to combine my security engineering practice with MS Office productivity tools

This time I will show how I use Excel for Deployment Inspection.

NOTE: It is not ultimate holistic approach for deployment inspection rather some productivity trick. For me at least :)

Imagine I have a strong desire to inspect deployment on some IIS server where Pet Shop Web App is deployed. One thing I'd check if there are only sane files deployed. I will use my friend DIR command

/A:-D means no directories please

/S means subfolder too please

/B means no summaries please

thank you

 

 Here is how result looks like, notice source files deployed to production - not the best practices, but we just spotted it - good job!

 

 

I've recently reviewed application with 650 dlls... well notepad is handy but not in this case. So let me open the txt file in Excel 2007 (other version are good too for this task) and define formula in B column like =RIGHT(A1, 3) - now I got extensions. "fig" would stand for .config files I presume. Now you have the power of excel spotting sane and insane files

 

 

More on files that should be deployed to production are here Bin and Special Directories

Enjoy