How to Configure WPL v1.0 SRE

RV here… With the release of Web Protection Library v1.0 (WPL), the Security Runtime Engine (SRE) has been significantly updated. It now includes a SQL Injection Detection module which can detect certain attack vectors. It also includes a re-designed configuration editor which enables you to easily configure SRE. The following easy steps let you configure your application…


How to Run CAT.NET 2.0 CTP

RV here… With the new build of CAT.NET available on you must have noticed that the new version includes only a command line tool. We will be releasing the Visual Studio rules as part of the Beta1 release. So let’s look at how we can use the command line version to analyze binaries and…


WPL at SecurityBytes in India

If you want to come hear Anil Chintala (one of the developers on Anti-XSS) speak about the new WPL you can catch him at the OWASP / SecurityBytes conference in New Delhi later this week.  It’s being opened by the former President of India!! Anil Chintala currently works for Information Security Tools team in…


Some New Software Security Tools for Web Developers – (CTP Releases)

Curphey here…..(follow me on Twitter @curphey if you want the breaking news!) My wife keeps telling me I work too much. Maybe I do, maybe I don’t but if I do I am not alone. Some folks on my team have been doing some super-human stuff and we are ready to share some early preview…


Forefront Identity Manager 2010 (FIM 2010) Data Cache

Hi, Syam Pinnaka here. I am a Sr. SDE on the Information Security Tools Team. In one of the recent projects there is a requirement to build an audit trail of “Group” object related activities in Forefront Identity Manager 2010 (FIM 2010). FIM provides a WCF interface to program against it but building audit trail…


Web Application Configuration Analyzer – WACA CTP Release Coming Soon

RV here… Last year we developed an internal tool to review servers for security configuration issues. Microsoft offers several enterprise options for doing this such as Systems Center Configuration Manager but the requirements were for a lightweight stand-alone tool focused towards developers and testers who often developed in an unmanaged environment. The tools needed to…


How To: Web Service Load Testing Using VSTS 2010

Syed Aslam Basha here. I am a tester on the Information Security Tools team. Apart from performance testing for web sites, I have done load testing on web services for many of our projects. I will show how to create a web test for a web service using Visual Studio Team System 2010 (VSTS) which can…


How To: Use Perfmon in Windows 7

Syed Aslam Basha here. I am a tester on the Information Security Tools team. This blog post is in continuation with How To: Identify Memory Leaks In An Unmanaged Application blog post. I will show how to set up perfmon to collect data for the selected counter in Windows 7. Steps to configure perfmon: Click on…


Double Hop Windows Authentication with IIS Hosted WCF Service

Hello, Randy Evans here. I am a principal developer on the Information Security Tools Team. In a recent project, we had an intranet web site that called an IIS hosted WCF service. The WCF service, in turn, called a SQL Server Reporting Services (SSRS) web service. We wanted to utilize the authorization mechanisms of SSRS….