AntiXSS 4.0 Released

AntiXSS 4.0 has been released and is available from http://www.microsoft.com/downloads/en/details.aspx?FamilyID=f4cd231b-7e06-445b-bec7-343e5884e651. The new source will be published to CodePlex within the next few days. Minimum Requirements .NET Framework 3.5 Return Values If you pass a null as the value an encoding function the function will now return null. The previous behavior was to return String.Empty. Medium…

0

How to View a Report in WACA?

Web Application Configuration Analyzer v1.0 is the latest tool released by our team that scans a machine for deployment best practices. Here is how you can use this tool to view a scan report which provides resolution details for failed rules. 1. From the presented Launchpad under the “Quick Actions” Section screen click on the…

0

How to Scan a Server using WACA?

Web Application Configuration Analyzer v1.0 is the latest tool released by our team that scans a machine for deployment best practices. Here is how you can use this tool to scan a machine for these best practices. 1. Launch the application by going to Windows Start Menu and selecting “Microsoft Information Security”, “Web Application Configuration…

0

Web Application Configuration Analyzer v1.0 RTW is live!

I am excited to announce the release of Web Application Configuration Analyzer v1.0 tool. The following is the quick overview of the tool and its features. Web Application Configuration Analyzer (WACA) is a tool that scans a server against a set of best practices recommended for pre-production and production servers. It can also be used…

0

CAT.NET v2.0 Update

  Frank Brisse here… I wanted to provide an update on CAT.NET v2.0.  We were looking to release CAT.NET v2.0 in June but ran into a design issue at the last moment causing us to delay the release.  At this point we are working with internal teams to determine how to best fix this concern. …

0

The May 2010 Security Runtime Engine Preview is now available on CodePlex

The WPL site on CodePlex now has the May CTP code only release for the Web Protection Library and a Word document introducing the new extensibility points for the Security Runtime Engine. We haven’t released binaries because it’s just a preview, it is in no way ready for production. So why make the source available?…

0

Farewell from Mark Curphey & Please Help Me Fight Blood Cancer

Mark Curphey here….. It is with some degree of sadness that I have to hang up my spurs from this blog. Next Monday I take up a new role on the Server & Tools Online team (think MSDN & codeplex.com) where I will be heading up the subscriptions engineering team. I have held various security…

0

The Web Protection Library – plans and processes.

First off let me introduce myself; my name is Barry Dorrans, I’m a recent transplant from the UK and I finally joined the Information Security tools team 6 weeks ago after the long and involved process of visa acquisition. Before joining Microsoft I was a consultant in the UK working with various companies on developer…

0

Silverlight 3.0 Datagrid – How to change a cell state?

Hi Syam Pinnaka, Sr. SDE in Infosec tools team. Silverlight 3.0 datagrid can be used to bind to any enumerable collection and display the data in the grid. The data changes in the grid can be propagated back to the bound data using a special type in silverlight called ObservableCollection. We will discuss more about…

0

How To: Use CAT.NET 2.0 Beta

Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET. You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0 * You must have Visual studio 2010 Beta 2 for this tool to work. There are known issues if you have previous issues installed so please…

0