Compartir a través de

Web Application Configuration Analyzer v1.0 RTW is live!

  • Artículo

I am excited to announce the release of Web Application Configuration Analyzer v1.0 tool. The following is the quick overview of the tool and its features.

Web Application Configuration Analyzer (WACA) is a tool that scans a server against a set of best practices recommended for pre-production and production servers. It can also be used by developers to ensure that their codebase works within a secure / hardened environment (although many of the checks are not as applicable for developers). The list of best practices is derived from the Microsoft Information Security & Risk Management Deployment Review Standards used internally at Microsoft to harden production and pre-production environments for line of business applications. The Deployment Review standards themselves were derived from content released by Microsoft Patterns & Practices, in particular: Improving Web Application Security: Threats and Countermeasures available at: https://msdn.microsoft.com/en-us/library/ms994921.aspx. It uses an agent-less scan that requires the user to have admin privileges on the target server, as well as any SQL Server instances running on that machine.

  • Scan a machine for more than 140 rules
  • Generate HTML based reports
  • Compare two scans to view the differences
  • Export results to Excel
  • Export results to Team Foundation Server

You can download the tool from https://www.microsoft.com/downloads/en/details.aspx?FamilyID=60585590-57df-4fc1-8f0c-05a286059406. You can view a demo of the tool in this channel9 screencast.

Thanks
Anil RV

Comments

  • Anonymous
    September 21, 2010
    The comment has been removed
  • Anonymous
    September 21, 2010
    Same here. Locale is nl-nl. Would be nice if I can do something with the results :-)
  • Anonymous
    September 22, 2010
    Guys, we are working on a fix for non en-us cultures. Please note that it will now handle other cultures, but will still display everything in english.ThanksAnil
  • Anonymous
    September 22, 2010
    English is no issue, as long as it shows the report. Thanks!
  • Anonymous
    September 23, 2010
    There is a new release that is just published today which addresses this issue. Please let me know if that does not work.ThanksAnil