Syed Aslam Basha here from the Information Security Tools team.
In order to use security runtime engine (SRE) in your application, you need to configure web.config. Currently SRE has got two modules, cross-site scripting protection module and SQL injection partial protection module.
- Launch security runtime engine configuration editor from start – > All programs –> Microsoft Information security –> Web protection library v1.0 –> security runtime engine configuration editor
- Click on file – > Open, select your websites web.config file
- Select configuration node
- Click on configuration – > new –> cross site scripting protection module
- Similarly you can add SQL injection partial protection module
- Click on save
- Click on File – > Exit
- Copy SRE binaries to bin folder of your application
You are good to use the SRE modules!
For more information on the SRE modules refer to my earlier blog posts.
-Syed Aslam Basha (firstname.lastname@example.org)
Microsoft Information Security Tools (IST) Team