How Do I: Configure Runtime Version

Syed Aslam Basha here from the Information Security Tools Team. At times I need to test application with different versions of .NET. We can configure application config file and make the application to use the .NET version specified in the config file. For example, suppose we have application built with .NET 3.5 and want to…


Features of Web Protection Library v1.0

Syed Aslam Basha here from the Information Security Tools team. WPL v1.0 has got the following features: AntiXSS library (It has got deprecated methods of AntiXSS) Encoder Library (It has got AntiXSS methods provided in the new namespace) Security runtime engine (SRE) configuration editor SRE modules Cross-site scripting protection module SQL injection partial protection module For…

2

How To: Configure your application to use WPL – SRE modules

Syed Aslam Basha here from the Information Security Tools team. In order to use security runtime engine (SRE) in your application, you need to configure web.config. Currently SRE has got two modules, cross-site scripting protection module and SQL injection partial protection module. Launch security runtime engine configuration editor from start – >  All programs –>…


New Security Tools – CTP Releases!

Syed Aslam Basha here from the Information Security Tools team. CAT.NET v2.0 CTP – CAT.NET is totally revamped and it uses phoenix compiler infrastructure. Currently, the CAT.NET v2.0 CTP has: · New core data flow analysis engine based on Phoenix · New configuration rules engine · Command line interface WPL v1.0 CTP – WPL mitigate…


AntiXSS v3.1 new features

Syed Aslam Basha here from the Information Security Tools team. In AntiXSS library, two new methods AntiXss.GetSafeHtml and AntiXss.GetSafeHtmlFragment have been added, useful to sanitize the HTML input. These methods are useful in scenarios where the user enters HTML input and likes to store or display it back as HTML. The methods validate the input…


How to: Publish a website using command prompt

Syed Aslam Basha here from the Information Security Tools team. To test the tools which we develop on the team, at times I need to build a website and publish it. I use a simple way of publishing websites from the command line that saves me LOT of time so thought I would share it. Launch…

1