Farewell from Mark Curphey & Please Help Me Fight Blood Cancer

Mark Curphey here….. It is with some degree of sadness that I have to hang up my spurs from this blog. Next Monday I take up a new role on the Server & Tools Online team (think MSDN & codeplex.com) where I will be heading up the subscriptions engineering team. I have held various security…

0

How To: Use CAT.NET 2.0 Beta

Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET. You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0 * You must have Visual studio 2010 Beta 2 for this tool to work. There are known issues if you have previous issues installed so please…

0

How To: Use CAT.NET V2.0 Beta

Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET. You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0 * You must have Visual studio 2010 Beta 2 for this tool to work. There are known issues if you have previous issues installed so please…

0

CAT.NET 2.0 – Beta

Mark Curphey here… Please to announce a beta of the upcoming CAT.NET 2.0. This beta program will last for approximately 1 month.  The final released version is scheduled to release shortly after VS 2010 RTM.   The goal of this beta program is to garner feedback from the user community.   Please send all feedback to ist-cat@microsoft.com. …

0

Delay Between Actions Feature in CUIT

Syed Aslam Basha here. I am a tester on  the Information Security Tools Team. The CUIT code is executed at a very fast pace, at times you may want to execute the code a bit slow or with a delay between actions. We have playback API which helps to achieve this as shown below; Playback.PlaybackSettings.DelayBetweenActions…

0

How To: Data Drive CUIT Scripts

Syed Aslam Basha here. I am a tester on  the Information Security Tools Team. One of the major feature for any automation tool is support for data driven test cases, CUIT too supports data driven testing. Let me show an example of data driving CUIT scripts. Suppose you want to validate login feature of an…

0

How To: Customize CUIT scripts

Syed Aslam Basha here. I am a tester on  the Information Security Tools Team. In the previous blog posts I have shown how to automate functional test cases using CUIT and adding check points/ assertions to CUITs. Lets see with an example “how to customize the CUIT scripts”. Lets take a close look at the…

0

The CAT.NET 2.0 Configuration Analysis Engine

Maqbool Malik here… One of the most significant update to CAT.NET in v2.0 is the addition of a configuration engine. The goal of the engine is to identify insecure configuration at all layers of the application (configuration files, code level configuration, etc.) which should be remediated prior to deployment on a production environment. The engine…

0

How to Configure WPL v1.0 SRE

RV here… With the release of Web Protection Library v1.0 (WPL) Security Runtime Engine (SRE) has been significantly updated. It now includes a SQL Injection Detection module which can detect certain attack vectors. It also include re-designed configuration editor which enables you to easily configure SRE. The following easy steps let you configure your application…

3

How to Run CAT.NET 2.0 CTP

RV here… With the new build of CAT.NET available on connect.microsoft.com you must have noticed that the new version includes only a command line tool. We we will be releasing the Visual Studio rules as part of Beta1 release. So lets look at how we can use the command line version to analyze binaries and…

3