Features of Web Protection Library v1.0

Syed Aslam Basha here from the Information Security Tools team. WPL v1.0 has the following features: AntiXSS library (it has the deprecated methods of AntiXSS); Encoder library (it has the AntiXSS methods provided in the new namespace); security runtime engine (SRE) configuration editor; SRE modules: cross-site scripting protection module, SQL injection partial protection module. For…

How To: Configure your application to use WPL – SRE modules

Syed Aslam Basha here from the Information Security Tools team. In order to use the security runtime engine (SRE) in your application, you need to configure web.config. Currently SRE has two modules: the cross-site scripting protection module and the SQL injection partial protection module. Launch the security runtime engine configuration editor from Start –> All Programs –>…

How To: Turn off Strong Name Validation

Syed Aslam Basha here from the Information Security Tools team. In one of my application tests I faced the issue of “strong name validation failed” for an assembly, and had to figure out a way to turn off strong name validation so that I could carry out testing on the given assembly while I got the appropriate assembly. The…

How To: Use CAT.NET V2.0 CTP

Syed Aslam Basha here from the Information Security Tools team. As the installer name, CATNETV20CMD, suggests, CAT.NET V2.0 CTP is a command-line version only. CAT.NET v2.0 CTP analyses assemblies for vulnerabilities and configuration files for misconfigurations. You can open the rules files present at C:\Program files\Microsoft Information Security tools\Microsoft Code Analysis for .NET(CAT.NET) v2.0\Rules\ConfigRules, to get…

How To: Use Microsoft Web Application Configuration Analyzer v1.0

Syed Aslam Basha here from the Information Security Tools team. The current version of WACA v1.0 CTP analyzes application configuration for security best practices related to General Application, IIS, ASP.NET Application and SQL Server settings. A machine can be scanned remotely to identify any misconfigurations. It provides a detailed report on multiple instances of checks for further…

Protecting your websites against SQL injection using web protection library v1.0

Syed Aslam Basha here from the Information Security Tools team. Apart from cross-site scripting (XSS) protection/detection, Web Protection Library (WPL) has a security runtime engine (SRE) HTTP module to protect against and detect SQL injection attacks as well. The SQL library is available as a supplemental library setup; you can install it during installation of WPL. Otherwise you…

New Security Tools – CTP Releases!

Syed Aslam Basha here from the Information Security Tools team.

CAT.NET v2.0 CTP – CAT.NET is totally revamped and it uses the Phoenix compiler infrastructure. Currently, the CAT.NET v2.0 CTP has:
· New core data flow analysis engine based on Phoenix
· New configuration rules engine
· Command line interface

WPL v1.0 CTP – WPL mitigate…

How To: Web Service Load Testing Using VSTS 2010

Syed Aslam Basha here from the Information Security Tools team. Apart from performance testing for web sites, I have done load testing on web services for many of our projects. I will show how to create a web test for a web service using Visual Studio Team System 2010 (VSTS) which can be used in load…

How To: Use Perfmon in Windows 7

Syed Aslam Basha here from the Information Security Tools team. This blog post is a continuation of the How To: Identify Memory Leaks In An Unmanaged Application blog post. I will show how to set up perfmon to collect data for the selected counter in Windows 7. Steps to configure perfmon: Click on Start –> Click on…

How To: Use VSTS code profiler

Syed Aslam Basha here from the Information Security Tools team. This blog post is a continuation of the website performance testing simplified blog post. The final step in performance testing is to narrow down the faulty code which is taking a lot of time or memory or CPU usage. I will show how VSTS code profiler can…
