The Connected Information Security Group
This Blog URL Has Changed – Please Update Your Readers
Things have been quiet on the blog for a while. There is a LOT of code being cranked out at the moment...
Date: 04/16/2009
CAT.NET New Build – 1.1.1.8
Mainly small bug fixes and a new feature to export the findings into an Excel spreadsheet. Download...
Date: 03/20/2009
Getting Help for CAT.NET and Anti-XSS
We now have a discussion forum for users of CAT.NET. There is no official support for these tools...
Date: 02/23/2009
MSDN Webcast: Software Security with Static Code Analysis Using CAT.NET (Level 200)
Event Overview In this webcast, we provide an overview of what static code analysis is and typical...
Date: 02/16/2009
AntiXSS Library V3.0 - Test Harness
Hi, Anil Chintala here… In this post I wanted to talk about the new Test Harness application...
Date: 01/19/2009
Free MSDN Webcast: Managing Cross-Site Scripting Using CAT.NET and AntiXSS (Level 200)
Language(s): English. Product(s): Security. Audience(s): Developer. Duration: 60 Minutes Start Date:...
Date: 01/04/2009
Merlin: Better Specifications for CAT.NET
Guest post by Ben Livshits of Microsoft Research here.... In the last several years we have seen a...
Date: 01/02/2009
Security Code Review Using CAT.NET - Part 2
Hi Andreas Fuchsberger here again...... How does CAT.NET work? As I mentioned in Part 1 here,...
Date: 12/22/2008
Security Code Review Using CAT.NET - Part 1
Hi Andreas Fuchsberger here … To coincide with the CTP release of CAT.NET and Anti-XSS, within...
Date: 12/22/2008
CAT.NET CTP Links Are Live Again!
Download CAT.NET CTP (32 bit here and 64 bit here) Anti-XSS was not affected but for completeness...
Date: 12/17/2008
CAT.NET Status Update
12 pm PST 17th, December. We continue to face issues with the download links. We are doing...
Date: 12/17/2008
Secure String in .Net - Part II
Hi Gaurav Sharma here with more information about SecureStrings. This time I'll cover following...
Date: 12/17/2008
Download Problem for CAT.NET - Status Update
We are continuing to experience problems with the 32 bit download link for CAT.NET. We now estimate...
Date: 12/16/2008
Download Problem for CAT.NET - Status Update
We are continuing to experience problems with the links to download CAT.NET. We estimate a fix by 5pm...
Date: 12/16/2008
How the Anti-XSS 3.0 SRE Works
RV again... Last time around we looked at SRE from a conceptual perspective, this time let's look at...
Date: 12/16/2008
Anti-XSS 3.0 Beta and CAT.NET Community Technology Preview now Live!
Mark Curphey here..... I am delighted to say that we have released two new free tools. Download...
Date: 12/15/2008
An Update on Some Upcoming Free Tools
Mark Curphey here..... If the economy is getting you down here is some good news. We may have been...
Date: 11/13/2008
Using Role Based Access Control in the .NET Framework - Part 2
Vineet Batta here again.. In my last blog I discussed how to use role based access control (RBAC)...
Date: 10/29/2008
Using Role Based Access Control in the .NET Framework - Part 1
Hi Vineet Batta here.. Consider a scenario where you want to write an assembly which contains...
Date: 10/28/2008
ISO/IEC JTC 1/SC 27 - Working Group - Trip Report
Hi Andreas Fuchsberger here again.... Introduction The most recent ISO/IEC JTC1/SC 27 (Subcommittee)...
Date: 10/24/2008
ISO SC27 Introduction and History
Hi Andreas Fuchsberger here..... In order to better understand a report I am about to post next on a...
Date: 10/24/2008
A Sneak Peak at the Security Runtime Engine
RV here again... Traditionally security fixes are applied to specific pieces of code where a...
Date: 10/24/2008
Introducing SecurityNow
Mark Curphey here..... A few months back I challenged some of my team to build a "Proof of...
Date: 10/17/2008
Secure Strings in .NET - Part I
Hi Gaurav Sharma here....... I am a developer on the CISG India team based in Hyderabad and I joined...
Date: 10/08/2008
ASP.NET Data Binding and AntiXss Encoding
Hi RV here again... Last time I looked at ASP.NET controls and few common scenarios where you need...
Date: 10/01/2008
Beauty Aint Necessarily in the Eye of the Beholder
There's a truism that says, "beauty is in the eye of the beholder." I'm...
Date: 09/21/2008
Obfuscation Explained...
Hi Vineet Batta here.... Background Programs written for .NET are relatively easy to reverse...
Date: 09/19/2008
Client-Side Scripting Languages Support in AntiXSS
Anil Chintala here... Recently I was asked about a question on client-side scripting language...
Date: 09/18/2008
Which ASP.NET Controls Need HTML Encoding?
RV here... Last time we saw some real world XSS examples. This time we will look at which...
Date: 09/17/2008
Trip Report : Day Three of Gartner BPM Conference
Marius here again..... Highlights: On average, 80% of the IT budget goes toward maintenance and only...
Date: 09/16/2008
There's a LOT More to Building Security Software than Software Security
Mark Curphey here..... I often get asked exactly what I do for a living at Microsoft. Many people...
Date: 09/16/2008
Designing Whole Systems
Hi Dennis Groves here...... Recently I was questioned over a comment I made about a USB key being...
Date: 09/12/2008
How Do you Get from Theoretical Physics to Information Security?
Hi Andreas Fuchsberger here.....and no this is not a new Seinfeld commercial! The much anticipated...
Date: 09/12/2008
Trip Report : Day Two of Gartner BPM Conference
Hi Marius here again with highlights from day 2 of the Gartner BPM conference. Back of the Napkin...
Date: 09/12/2008
Trip Report : Day One of Gartner BPM Conference
Marius Grigoriu here.... I am a Program manager with CISG and in keeping with good program...
Date: 09/12/2008
It’s All About the Persona(s)
Birm here… Has this ever happened to you? It’s happened to me. You sit down to write an...
Date: 09/12/2008
Real World XSS Vulnerabilities in ASP.NET Code
RV here again... For a couple of weeks we have been seeing some XSS vulnerabilities in asp.net code....
Date: 09/10/2008
Performance Analysis Reveals Char[] Array is Better than StringBuilder
Anil Chintala here... I told you in my previous blog about AntiXSS Output Encoding methodology and...
Date: 09/09/2008
SQL Injection - Are Stored Procedures Really Safe?
Vineet Batta here.... SQL Injection explained : SQL injection attack is the way to manipulate the...
Date: 09/09/2008
Checklists and Mnemonics
Dennis Groves here.... The most common list is the to-do list, and it is the one we are all most...
Date: 09/05/2008
Doing What You Want, Not What You Have To!
Birm here..... As I go about my daily routine, I talk a lot with people directly involved in...
Date: 09/05/2008
How To: Detect Cross Site Scripting Vulnerabilities using XSSDetect
RV again... Last time we saw how to fix a cross site scripting (XSS) vulnerability. This time we...
Date: 09/01/2008
Introduction to Dennis Groves
Dennis Groves here..... Hello, my name is Dennis Groves and I am a Program Manager in the CISG...
Date: 08/29/2008
UX ≠ UI
Hi Birm here..... My name is Ricardo Birmele, but people around here call me “Birm.” I...
Date: 08/29/2008
Output Encoding
Hi Anil Chintala here.... I am a Developer on CISG team working out of the Hyderabad campus in...
Date: 08/28/2008
UTF-8 Encoding
Hello there! My name is Andreas Fuchsberger, I am a developer in the CISG team based in Germany. I...
Date: 08/28/2008
What Does ANTI-XSS Offer for HTML Sanitization?
Hi Vineet here..... My name is Vineet Batta and in keeping with the other introductions here are a...
Date: 08/27/2008
What is the Microsoft Anti-XSS Library?
RV here..... My full name is Anil Kumar Venkata Revuru but people call me RV around here. I am a...
Date: 08/26/2008
Welcome to the CISG Blog
Mark Curphey here...... I am the Product Unit Manager (or "PUM" in MSFT speak) for the...
Date: 08/25/2008