Double Hop Windows Authentication with IIS Hosted WCF Service

Hello, Randy Evans here. I am a principal developer on the Information Security Tools Team. In a recent project, we had an intranet web site that called an IIS hosted WCF service. The WCF service, in turn, called a SQL Server Reporting Services (SSRS) web service. We wanted to utilize the authorization mechanisms of SSRS….


How To: Use VSTS Code Profiler

Syed Aslam Basha here. I am a tester on the Information Security Tools team. This blog post is a continuation of the website performance testing simplified blog post. The final step in performance testing is to narrow down the faulty code which is taking a lot of time or memory or CPU usage. I will show how…


Web Protection Library – CTP Release Coming Soon

RV here… Over the last couple of months we have been actively developing the next version of Anti-XSS library and Security Runtime Engine (SRE). We have added new mitigations that go way beyond the original Cross Site Scripting (XSS) protections of the Anti-XSS Library hence the change in name to the Web Protection Library or…


SQL Server 2008 Security – Policy Example

Hi, Gaurav Sharma here, I’m a developer with the Information Security Tools (IST) team. A few months ago I posted a blog, SQL Policy Based Management (PBM) and posted a follow up introductory “How Do I” video on the same topic. Since then I’ve received a lot of feedback and questions regarding how to create more…


How to Manage a Product Backlog with Visual Studio Team System 2008

Hi this is Marius Grigoriu, Program Manager of Risk Tracker and our BI system–which will both be introduced at a later time. Today I am going to share how I track and manage projects and requirements. Both my teams are Agile teams and use product backlogs to document requirements and to track progress against them….


Automating Windows Firewall Settings with C#

Hi, Vamsy here. I am a Developer in the Information Security Tools Team. I have done some work on automating Windows Firewall settings using C# and wanted to share what I learnt. In this post, I am going to demonstrate how to programmatically access the following features of Windows Firewall using C#. I have divided the…


Automate Security Management for VSTF Source Control

Kathy Shieh here. I am the dev lead for the Information Security Tools team in the US. Visual Studio Team Foundation server (VSTF)  provides a pretty good GUI interface for security management. Within the VSTF UI you can create custom roles, manage membership for each role and manage security for source control at folder and/or…


Implementation Ideas for the CAT.NET 2.0 Tainted Variable Analysis Algorithm

Andreas Fuchsberger here….. Within the Information Security Tools Group we are now really getting into a redesign of our popular Code Analysis Tool for .NET (CAT.NET). One of the biggest challenges we have is to redesign the engine so that it no longer suffers from an out of memory condition when analyzing large binaries. To…


C# Compiler Optimization

Gaurav Sharma here, I’m a developer with the Information Security Tools team. A couple of months back when I was trying to understand the .NET compilation model I encountered an interesting thing. I created a small program to print an Int32 type array to a console. The code follows. 1: using System; 2:   3:…


Creating Multi-Level Navigational Menu with the ASP.NET Repeater Control and CSS Styles

Syam Pinnaka here, I am a Senior Developer on the Information Security Tools team focused mainly on building identity management software using Microsoft Forefront Identity Manager (more info about FIM can be found here and we'll be talking about the work we do on FIM in a future post) as well as the Security Portal. The…