Anti-XSS Library v4.0 is released

Barrage of changes were made for this release including CSS and LDAP encodings. You can get more details about the release at http://blogs.msdn.com/b/securitytools/archive/2010/09/30/antixss_2d00_4_2d00_0_2d00_release_2d00_notes.aspx. You can download the installer from http://www.microsoft.com/downloads/en/details.aspx?FamilyID=f4cd231b-7e06-445b-bec7-343e5884e651 and source from http://wpl.codeplex.com. Thanks Anil RV


How to View a Report in WACA?

Web Application Configuration Analyzer v1.0 is the latest tool released by our team that scans a machine for deployment best practices. Here is how you can use this tool to view a scan report which provides resolution details for failed rules. 1. From the presented Launchpad under the “Quick Actions” Section screen click on the…

1

How to Scan a Server using WACA?

Web Application Configuration Analyzer v1.0 is the latest tool released by our team that scans a machine for deployment best practices. Here is how you can use this tool to scan a machine for these best practices. 1. Launch the application by going to Windows Start Menu and selecting “Microsoft Information Security”, “Web Application Configuration…


Web Application Configuration Analyzer v1.0 RTW is live!

I am excited to announce the release of Web Application Configuration Analyzer v1.0 tool. The following is the quick overview of the tool and its features. Web Application Configuration Analyzer (WACA) is a tool that scans a server against a set of best practices recommended for pre-production and production servers. It can also be used…

5

Increase cheap netbook performance using Windows Embedded Standard 7

With recent release of Windows Embedded Standard 7 you can get all the goodness of Windows 7 with the power of componentization, which means you now split windows and remove the unneeded components to increase your performance. Here is the problem I had, I bought a ASUS EEEPC 900HD for $200, putting entire windows 7…


Custom build activity for TFS 2010 to send email with build details – Part 2

My previous blog post talked about how to develop a custom workflow activity to use it in the build workflow process to generate email with work item and file information. This second installment talks about how to integrate the custom workflow activity in your build process. First step in this integration is to compile the…

9

Custom build activity for TFS 2010 to send email with build details – Part 1

Team Foundation Server 2010 build service can now be customized using .NET v4.0 workflow activities. I was recently working on a requirement to generate an email after the successful build which provides basic information about the contents of the build. Here are some basic requirements for the activity. Send Email after the compilation and test…

5

How to get files associated with a changeset?

This information is very useful when deploying or installing a new build generated by TFS Build Server. It can give information for testers to target specific areas of the application. TFS Source Control service can provider the necessary information. The following code should retrieve all the files associated with specific changeset id. private static List<string>…


JavaScript static analysis using Gatekeeper

Microsoft Research has been doing awesome work with regards to statically analyzing JavaScript application. As more and more applications are using AJAX and other client side frameworks which make use of JavaScript to provide rich client experience there is certain need for more deeper analysis. More information about gatekeeper and related papers can be found…


How to determine a given file as executable file?

Is your application accepting files and writing them to the disk? How do you determine if the file extension is an executable file on the server? Fortunately with the use of SaferiIsExecutableFileType function you can determine if a given file is an executable or not. This allows the application to make runtime decisions on whether…