This Blog URL Has Changed – Please Update Your Readers
Things have been quiet on the blog for a while. There is a LOT of code being cranked out at the moment...
Date: 04/16/2009
CAT.NET New Build – 1.1.1.8
Mainly small bug fixes and a new feature to export the findings into an Excel spreadsheet. Download...
Date: 03/20/2009
Getting Help for CAT.NET and Anti-XSS
We now have a discussion forum for users of CAT.NET. There is no official support for these tools...
Date: 02/23/2009
MSDN Webcast: Software Security with Static Code Analysis Using CAT.NET (Level 200)
Event Overview In this webcast, we provide an overview of what static code analysis is and typical...
Date: 02/16/2009
AntiXSS Library V3.0 - Test Harness
Hi, Anil Chintala here… In this post I wanted to talk about the new Test Harness application...
Date: 01/19/2009
Free MSDN Webcast: Managing Cross-Site Scripting Using CAT.NET and AntiXSS (Level 200)
Language(s): English. Product(s): Security. Audience(s): Developer. Duration: 60 Minutes Start Date:...
Date: 01/04/2009
Merlin: Better Specifications for CAT.NET
Guest post by Ben Livshits of Microsoft Research here.... In the last several years we have seen a...
Date: 01/02/2009
Security Code Review Using CAT.NET - Part 2
Hi Andreas Fuchsberger here again...... How does CAT.NET work? As I mentioned in Part 1 here,...
Date: 12/22/2008
Security Code Review Using CAT.NET - Part 1
Hi Andreas Fuchsberger here … To coincide with the CTP release of CAT.NET and Anti-XSS, within...
Date: 12/22/2008
CAT.NET CTP Links Are Live Again!
Download CAT.NET CTP (32 bit here and 64 bit here) Anti-XSS was not affected but for completeness...
Date: 12/17/2008
CAT.NET Status Update
12 pm PST 17th, December. We continue to face issues with the download links. We are doing...
Date: 12/17/2008
Secure String in .Net - Part II
Hi Gaurav Sharma here with more information about SecureStrings. This time I'll cover the following...
Date: 12/17/2008
Download Problem for CAT.NET - Status Update
We are continuing to experience problems with the 32 bit download link for CAT.NET. We now estimate...
Date: 12/16/2008
Download Problem for CAT.NET - Status Update
We are continuing to experience problems with the links to download CAT.NET. We estimate a fix by 5pm...
Date: 12/16/2008
How the Anti-XSS 3.0 SRE Works
RV again... Last time around we looked at SRE from a conceptual perspective, this time let's look at...
Date: 12/16/2008
Anti-XSS 3.0 Beta and CAT.NET Community Technology Preview now Live!
Mark Curphey here..... I am delighted to say that we have released two new free tools. Download...
Date: 12/15/2008
An Update on Some Upcoming Free Tools
Mark Curphey here..... If the economy is getting you down here is some good news. We may have been...
Date: 11/13/2008
Using Role Based Access Control in the .NET Framework - Part 2
Vineet Batta here again.. In my last blog I discussed how to use role based access control (RBAC)...
Date: 10/29/2008
Using Role Based Access Control in the .NET Framework - Part 1
Hi Vineet Batta here.. Consider a scenario where you want to write an assembly which contains...
Date: 10/28/2008
ISO/IEC JTC 1/SC 27 - Working Group - Trip Report
Hi Andreas Fuchsberger here again.... Introduction The most recent ISO/IEC JTC1/SC 27 (Subcommittee)...
Date: 10/24/2008
ISO SC27 Introduction and History
Hi Andreas Fuchsberger here..... In order to better understand a report I am about to post next on a...
Date: 10/24/2008
A Sneak Peak at the Security Runtime Engine
RV here again... Traditionally security fixes are applied to specific pieces of code where a...
Date: 10/24/2008
Introducing SecurityNow
Mark Curphey here..... A few months back I challenged some of my team to build a "Proof of...
Date: 10/17/2008
Secure Strings in .NET - Part I
Hi Gaurav Sharma here....... I am a developer on the CISG India team based in Hyderabad and I joined...
Date: 10/08/2008
ASP.NET Data Binding and AntiXss Encoding
Hi RV here again... Last time I looked at ASP.NET controls and a few common scenarios where you need...
Date: 10/01/2008
Beauty Aint Necessarily in the Eye of the Beholder
There's a truism that says, "beauty is in the eye of the beholder." I'm...
Date: 09/21/2008
Obfuscation Explained...
Hi Vineet Batta here.... Background Programs written for .NET are relatively easy to reverse...
Date: 09/19/2008
Client-Side Scripting Languages Support in AntiXSS
Anil Chintala here... Recently I was asked a question on client-side scripting language...
Date: 09/18/2008
Which ASP.NET Controls Need HTML Encoding?
RV here... Last time we saw some real world XSS examples. This time we will look at which...
Date: 09/17/2008
Trip Report : Day Three of Gartner BPM Conference
Marius here again..... Highlights: On average, 80% of the IT budget goes toward maintenance and only...
Date: 09/16/2008
There's a LOT More to Building Security Software than Software Security
Mark Curphey here..... I often get asked exactly what I do for a living at Microsoft. Many people...
Date: 09/16/2008
Designing Whole Systems
Hi Dennis Groves here...... Recently I was questioned over a comment I made about a USB key being...
Date: 09/12/2008
How Do you Get from Theoretical Physics to Information Security?
Hi Andreas Fuchsberger here.....and no this is not a new Seinfeld commercial! The much anticipated...
Date: 09/12/2008
Trip Report : Day Two of Gartner BPM Conference
Hi Marius here again with highlights from day 2 of the Gartner BPM conference. Back of the Napkin...
Date: 09/12/2008
Trip Report : Day One of Gartner BPM Conference
Marius Grigoriu here.... I am a Program manager with CISG and in keeping with good program...
Date: 09/12/2008
It’s All About the Persona(s)
Birm here… Has this ever happened to you? It’s happened to me. You sit down to write an...
Date: 09/12/2008
Real World XSS Vulnerabilities in ASP.NET Code
RV here again... For a couple of weeks we have been seeing some XSS vulnerabilities in ASP.NET code....
Date: 09/10/2008
Performance Analysis Reveals Char[] Array is Better than StringBuilder
Anil Chintala here... I told you in my previous blog about AntiXSS Output Encoding methodology and...
Date: 09/09/2008
SQL Injection - Are Stored Procedures Really Safe?
Vineet Batta here.... SQL Injection explained : SQL injection attack is the way to manipulate the...
Date: 09/09/2008
Checklists and Mnemonics
Dennis Groves here.... The most common list is the to-do list, and it is the one we are all most...
Date: 09/05/2008
Doing What You Want, Not What You Have To!
Birm here..... As I go about my daily routine, I talk a lot with people directly involved in...
Date: 09/05/2008
How To: Detect Cross Site Scripting Vulnerabilities using XSSDetect
RV again... Last time we saw how to fix a cross site scripting (XSS) vulnerability. This time we...
Date: 09/01/2008
Introduction to Dennis Groves
Dennis Groves here..... Hello, my name is Dennis Groves and I am a Program Manager in the CISG...
Date: 08/29/2008
UX ≠ UI
Hi Birm here..... My name is Ricardo Birmele, but people around here call me “Birm.” I...
Date: 08/29/2008
Output Encoding
Hi Anil Chintala here.... I am a Developer on CISG team working out of the Hyderabad campus in...
Date: 08/28/2008
UTF-8 Encoding
Hello there! My name is Andreas Fuchsberger, I am a developer in the CISG team based in Germany. I...
Date: 08/28/2008
What Does ANTI-XSS Offer for HTML Sanitization?
Hi Vineet here..... My name is Vineet Batta and in keeping with the other introductions here are a...
Date: 08/27/2008
What is the Microsoft Anti-XSS Library?
RV here..... My full name is Anil Kumar Venkata Revuru but people call me RV around here. I am a...
Date: 08/26/2008
Welcome to the CISG Blog
Mark Curphey here...... I am the Product Unit Manager (or "PUM" in MSFT speak) for the...
Date: 08/25/2008