How To: View header of EXE/DLL

Syed Aslam Basha here from the Information Security Tools Team. At times we may want to know the target platform (i.e. x86 or x64) of an EXE/DLL. Visual Studio provides the corflags.exe tool to identify the target platform, as follows: launch the Visual Studio command prompt in admin mode; type CorFlags Assembly File Path and press Enter. Example: C:\Windows\system32>corflags…

Delay between actions feature in CUIT

Syed Aslam Basha here from the Information Security Tools Team. The CUIT code is executed at a very fast pace; at times you may want to execute the code a bit slower or with a delay between actions. We have a playback API which helps to achieve this, as shown below: Playback.PlaybackSettings.DelayBetweenActions = 1000; The value…


How To: Data Drive CUIT Scripts

Syed Aslam Basha here from the Information Security Tools Team. One of the major features of any automation tool is support for data-driven test cases; CUIT too supports data-driven testing. Let me show an example of data driving CUIT scripts. Suppose you want to validate the login feature of an application with different users….


How Do I: Configure Runtime Version

Syed Aslam Basha here from the Information Security Tools Team. At times I need to test an application with different versions of .NET. We can configure the application config file and make the application use the .NET version specified in the config file. For example, suppose we have an application built with .NET 3.5 and want to…


How To: Add assertions in Coded UI Tests

Syed Aslam Basha here from the Information Security Tools Team. As a continuation of my previous post, let me show adding a checkpoint, that is, adding assertions to coded UI test scripts. For example, after launching the portal site you want to validate the user name. Press Enter after this.UIMap.LaunchPortalSite(); (continuation from the previous blog post), right…

Features of Web Protection Library v1.0

Syed Aslam Basha here from the Information Security Tools team. WPL v1.0 has got the following features: AntiXSS library (it has got deprecated methods of AntiXSS); Encoder library (it has got AntiXSS methods provided in the new namespace); security runtime engine (SRE) configuration editor; SRE modules: cross-site scripting protection module, SQL injection partial protection module. For…

How To: Configure your application to use WPL – SRE modules

Syed Aslam Basha here from the Information Security Tools team. In order to use the security runtime engine (SRE) in your application, you need to configure web.config. Currently SRE has two modules: the cross-site scripting protection module and the SQL injection partial protection module. Launch the security runtime engine configuration editor from Start –> All Programs –>…


How To: Turn off Strong Name Validation

Syed Aslam Basha here from the Information Security Tools team. In one of my application tests I faced the issue of “strong name validation failed” for an assembly, and had to figure out a way to turn off strong name validation so that I can carry out testing on the given assembly while I get the appropriate assembly. The…


How To: Use CAT.NET V2.0 CTP

Syed Aslam Basha here from the Information Security Tools team. As the installer name CATNETV20CMD suggests, CAT.NET V2.0 CTP is a command-line version only. CAT.NET v2.0 CTP analyses assemblies for vulnerabilities and configuration files for misconfigurations. You can open the rules files present at C:\Program files\Microsoft Information Security tools\Microsoft Code Analysis for .NET(CAT.NET) v2.0\Rules\ConfigRules, to get…


How to: Run CAT.NET v1.1 at command prompt

Syed Aslam Basha here from the Information Security Tools team. In the previous blog post I demonstrated “How to use CAT.NET as a Visual Studio Add-In to identify security flaws within managed code”; for more information you can refer to the blog post here. Here I am going to demonstrate “How to run CAT.NET at command…
