CAT.NET CTP Links Are Live Again!

Download CAT.NET CTP (32 bit here and 64 bit here) Anti-XSS was not affected but for completeness Download Anti-XSS 3.0 Beta (here and source code here) Our sincere apologies.

1

CAT.NET Status Update

12 pm PST 17th, December. We continue to face issues with the download links. We are doing everything we can to resolve this and expect it to be resolved within a few hours. We will update this blog with any further news. Our sincere apologies.


Secure String in .Net – Part II

Hi Gaurav Sharma here with more information about SecureStrings. This time I’ll cover following topics: SecureString internals Performance Let us start with our first topic, SECURE STRING INTERNALS BASICS Class Name: SecureString Assembly: mscorlib.dll Latest Version: 2.0.0.0 Namespace: System.Security Implements: IDisposable Inherits: CriticalFinalizerObject Access Specifier: Public Can be inherited: No, it is a sealed class…

1

Download Problem for CAT.NET – Status Update

We are continuing to experience problems with the 32 bit download link for CAT.NET. We now estimate a fix by mid-day PST tomorrow (17th December). The 64 bit download link is active again here. I will post here as soon as it is resolved. Our continued apologies.


Download Problem for CAT.NET – Status Update

We are continuing to experience problem with the links to download CAT.NET. We estimate a fix by 5pm today (16th December). I will post here as soon as it is resolved. Our continued apologies.

1

How the Anti-XSS 3.0 SRE Works

RV again… Last time around we looked at SRE from a conceptual perspective, this time lets look at from a code perspective. Lets trace the program flow and understand in depth what SRE code does. SRE is a HttpModule, the main class file is AntiXssModule.cs which inherits from IHttpModule. In the Init() event of HttpModule…

1

Anti-XSS 3.0 Beta and CAT.NET Community Technology Preview now Live!

Mark Curphey here….. I am delighted to say that we have released two new free tools. Download CAT.NET CTP (32 bit here and 64 bit here) Download Anti-XSS 3.0 Beta (here and source code here) CAT.NET – Community Technology Preview CAT.NET is a managed code static analysis tool for finding security vulnerabilities. It’s exactly the…

19

An Update on Some Upcoming Free Tools

Mark Curphey here….. If the economy is getting you down here is some good news. We may have been quiet for the last few weeks but that’s because we’ve been busy! Anti-XSS 3.0 is being released as an internal beta today. We are aiming for a public beta on codeplex within a few weeks. That’s…

5

Using Role Based Access Control in the .NET Framework – Part 2

Vineet Batta here again.. In my last blog I discussed how to use role based access control (RBAC) and described how we can restrict access to the method based on the declarative method. In today’s blog I will explain how to use  Imperative role based demands. The end effect is the same, but using an…

1

Using Role Based Access Control in the .NET Framework – Part 1

Hi Vineet Batta here.. Consider a scenario where you want to write an assembly which contains methods that only certain type of users can call (domain\Administrators or a specific custom users account). So how can we control this within code and let the runtime enforce these security checks? Example scenario: 1: public Class MyApplication 2:…

1