New Security Tools - CTP Releases!

Syed Aslam Basha here from the Information Security Tools team.

CAT.NET v2.0 CTP – CAT.NET is totally revamped and it uses phoenix compiler infrastructure.

Currently, the CAT.NET v2.0 CTP has:

· New core data flow analysis engine based on Phoenix

· New configuration rules engine

· Command line interface

WPL v1.0 CTP – WPL mitigate all sorts of web application security issues. Currently, Web protection library has got AntiXSS and SQL injection modules. The configuration file generation experience has been changed (from AntiXSS v3.1) to use EntLib.

WACA v1.0 CTP - WACA analyzes application configuration for security best practices related to General Application, IIS , ASP.NET Application and SQL Server settings.  Machine can be scanned remotely to identify any misconfigurations. It provides detailed report on multiple instances of checks for further analysis. Violations in the report can be exported to Excel or Visual Studio Team Foundation Server ©.

For more information to download bits refer to my team site https://blogs.msdn.com/securitytools/archive/2009/11/11/some-new-software-security-tools-for-web-developers-ctp-releases.aspx

-Syed Aslam Basha ( syedab@microsoft.com )

Microsoft Information Security Tools (IST) Team

Test Lead