AntiXSS Library V3.0 – Test Harness

Hi, Anil Chintala here… In this post I wanted to talk about the new Test Harness application which was released as part of the AntiXSS V3.0 Beta and is available as a free download on MSDN with source code available for download on CodePlex. Test Harness application is created to help the users to quickly…

4

Current Memory Limitations of CAT.NET

Hi, Andreas Fuchsberger here….. It is important to understand what happens CAT.NET builds its Call Flow Super Graphs. We use a CCI object called CciControlGraph to build a Control Flow Graph for each method and each method call we find in the Common Intermediate Language (CIL) of the modules being analysed. These individual control flow…

3

Merlin: Better Specifications for CAT.NET

Guest post by Ben Livshits of Microsoft Research here…. In the last several years we have seen a proliferation of static (and sometimes runtime) analysis tools for finding web application vulnerabilities. Companies such as Fortify, Ouncelabs, Klockwork, and others have been selling tools for finding security flaws for a while now. Most focus of the…

2