Microsoft Downloads - Microsoft Code Analysis Tool .NET (CAT.NET) v1 CTP - 32 bit
“CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection.
File Name: CATNETx32.msi Version: 1.1.1.9 Date Published: 6/26/2009 Language: English Download Size: 4.1 MB
CAT.NET is a snap-in to the Visual Studio IDE that helps you identify security flaws within a managed code (C#, Visual Basic .NET, J#) application you are developing. It does so by scanning the binary and/or assembly of the application, and tracing the data flow among its statements, methods, and assemblies. This includes indirect data types such as property assignments and instance tainting operations. The engine works by reading the target assembly and all reference assemblies used in the application -- module-by-module -- and then analyzing all of the methods contained within each. It finally displays the issues its finds in a list that you can use to jump directly to the places in your application's source code where those issues were found. The following rules are currently support by this version of the tool. - Cross Site Scripting - SQL Injection - Process Command Injection - File Canonicalization - Exception Information - LDAP Injection - XPATH Injection - Redirection to User Controlled Site [GD: Emphasis added. Description Leached in Full]”
Also available on Visual Studio Gallery - CAT.NET
“CAT.NET is a static analysis tool to analyze software security issues. It uses a tainted variable algorithm based on work from Microsoft research. It is free to download and is being actively developed by the Information Security Tools team. http://blogs.msdn.com/securitytools [GD: Description Leached in Full]”
Security help is good help… Also check out the CAT.NET posts on the Security Tools blog for some more information, MSBuild integration tips and more.
PS. Brian K, Look some J# love! ;)
No comments:
Post a Comment
NOTE: Anonymous Commenting has been turned off for a while... The comment spammers are just killing me...
ALL comments are moderated. I will review every comment before it will appear on the blog.
Your comment WILL NOT APPEAR UNTIL I approve it. This may take some hours...
I reserve, and will use, the right to not approve ANY comment for ANY reason. I will not usually, but if it's off topic, spam (or even close to spam-like), inflammatory, mean, etc, etc, well... then...
Please see my comment policy for more information if you are interested.
Thanks,
Greg
PS. I am proactively moderating comments. Your comment WILL NOT APPEAR UNTIL I approve it. This may take some hours...