This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP O2 Platform/Microsoft/CAT.NET"
Dinis.cruz (talk | contribs) (Created page with '== current O2 support== * Dedicated O2 Module [http://deploy.o2-ounceopen.com/O2_Scanner_MsCatNet/ O2_Scanner_MsCatNet] with support for ** finding target dlls (recursive search …') |
Dinis.cruz (talk | contribs) (→other relevant links) |
||
(7 intermediate revisions by the same user not shown) | |||
Line 6: | Line 6: | ||
== description == | == description == | ||
+ | (from [https://connect.microsoft.com/Downloads/DownloadDetails.aspx?SiteID=734&DownloadID=23328&wa=wsignin1.0 CAT.NET download] page) | ||
+ | |||
+ | ''"...Code Analysis Tool for .NET is a static analysis tool to detect common software security vulnerabilities. CAT.NET 2.0 has been re-written from the ground up implementing the original tainted analysis algorithm developed by Ben Livshits but using the Phoenix compiler infrastructure to provide a solid and scalable core data flow security analysis engine. CAT.NET 2.0 will initially ship around February as a Visual Studio 2010 Power Tool, only available to customers who have a licensed copy of Visual Studio 2010 and then as an integrated part of the Visual Studio product in late 2010. ..." | ||
+ | '' | ||
== download== | == download== | ||
− | * [https://connect.microsoft.com/Downloads/DownloadDetails.aspx?SiteID=734&DownloadID=23328 CAT.NET 2.0 CTP (current version)] (requires registration with Microsoft) | + | * [https://connect.microsoft.com/Downloads/DownloadDetails.aspx?SiteID=734&DownloadID=23328 CAT.NET 2.0 CTP (current version)] (requires registration with Microsoft) , .NET Framework 4.0 |
− | * [http://www.microsoft.com/downloads/details.aspx?FamilyId=0178e2ef-9da8-445e-9348-c93f24cc9f9d&displaylang=en CAT.NET v1 CTP - 32 bit (old version)] | + | * [http://www.microsoft.com/downloads/details.aspx?FamilyId=0178e2ef-9da8-445e-9348-c93f24cc9f9d&displaylang=en CAT.NET v1 CTP - 32 bit (old version)] , .NET Framework 2.0 |
− | * [http://deploy.o2-ounceopen.com/O2_Scanner_MsCatNet/ O2 Scanner - MsCatNet] | + | * [http://deploy.o2-ounceopen.com/O2_Scanner_MsCatNet/ O2 Scanner - MsCatNet] |
+ | |||
+ | == other relevant links== | ||
+ | * [https://connect.microsoft.com/site/sitehome.aspx?SiteID=734 Microsoft Information Security Tools team Connect site] | ||
+ | * [http://msdn.microsoft.com/en-us/security/dd547422.aspx Microsoft IT’s Information Security (InfoSec) group] | ||
+ | * [[:Category:OWASP_.NET_Project|OWASP .NET Project]] | ||
== related blog posts == | == related blog posts == | ||
* [http://blogs.msdn.com/ace_team/archive/2009/11/30/infosec-a-p-suite-how-to-install-configure-the-tools.aspx InfoSec A&P Suite: How to Install & Configure] | * [http://blogs.msdn.com/ace_team/archive/2009/11/30/infosec-a-p-suite-how-to-install-configure-the-tools.aspx InfoSec A&P Suite: How to Install & Configure] | ||
* [http://it.toolbox.com/blogs/programming-life/new-tool-in-my-pouch-catnet-and-antixss-30--35613 New Tool In My Pouch: CAT.NET And Anti-XSS 3.0] | * [http://it.toolbox.com/blogs/programming-life/new-tool-in-my-pouch-catnet-and-antixss-30--35613 New Tool In My Pouch: CAT.NET And Anti-XSS 3.0] | ||
+ | * [http://blogs.msdn.com/infosec/archive/2009/11/16/infosec-assessment-protection-a-p-suite-released.aspx InfoSec Assessment & Protection (A&P) Suite Released] | ||
* [http://teamfoundationserver.wordpress.com/2009/11/25/security-tools-from-microsoft/ Security tools from Microsoft] (Tobias had some issues running the latest version) | * [http://teamfoundationserver.wordpress.com/2009/11/25/security-tools-from-microsoft/ Security tools from Microsoft] (Tobias had some issues running the latest version) | ||
+ | * from main CAT.NET Blog | ||
+ | ** [http://blogs.msdn.com/securitytools/archive/2009/12/01/the-cat-net-2-0-configuration-analysis-engine.aspx The CAT.NET 2.0 Configuration Analysis Engine] | ||
+ | ** [http://blogs.msdn.com/securitytools/archive/2009/11/12/how-to-run-cat-net-2-0-ctp.aspx How to Run CAT.NET 2.0 CTP] | ||
+ | ** [http://blogs.msdn.com/securitytools/archive/2009/11/11/some-new-software-security-tools-for-web-developers-ctp-releases.aspx Some New Software Security Tools for Web Developers – (CTP Releases] | ||
+ | ** [http://blogs.msdn.com/securitytools/archive/2009/07/08/implementation-ideas-for-the-cat-net-2-0-tainted-variable-analysis-algorithm.aspx Implementation Ideas for the CAT.NET 2.0 Tainted Variable Analysis Algorithm] | ||
+ | ** [http://blogs.msdn.com/securitytools/archive/2009/06/27/new-build-of-cat-net-version-1-1-1-9-please-upgrade.aspx New Build of CAT.NET (Version - 1.1.1.9) – Please Upgrade] | ||
+ | ** [http://blogs.msdn.com/securitytools/archive/2009/06/01/running-cat-net-as-a-custom-msbuild-task.aspx Running CAT.NET as a Custom MSBuild Task] | ||
+ | ** [http://blogs.msdn.com/securitytools/archive/2009/05/20/cat-net-how-big-do-your-project-files-grow.aspx CAT.NET – How Big Do Your Project Files Grow ?] | ||
+ | * FxCop | ||
+ | ** [http://burgerminds.wordpress.com/2009/06/28/fxcop-stylecop/ FxCop & StyleCop] | ||
+ | * VS2010 | ||
+ | ** [http://rcosic.wordpress.com/2009/04/06/code-analysis-in-visual-studio-2010/ Code Analysis in Visual Studio 2010] | ||
+ | |||
== videos== | == videos== | ||
+ | * [http://channel9.msdn.com/posts/Jossie/Architecture-behind-CATNET/ Architecture Behind CAT.NET] | ||
* [http://channel9.msdn.com/posts/Jossie/Assessment-and-Protection-Suite/ Assessment and Protection Suite] -''"... Anil Revuru (RV) and Mark Curphey, from Microsoft Information Security, introduce what would be in the future a suite of tools that will help you assess your code as well as protect it. This is called the Assessment & Protection (A&P) Suite and it includes the following tools: Web Protection Library (WPL) – which includes Anti-XSS, SRE, mitigation of SQL Injection, CSRF among others CAT.NET Web Application Configuration Analyzer (WACA) and room for more future add-ons ..."'' | * [http://channel9.msdn.com/posts/Jossie/Assessment-and-Protection-Suite/ Assessment and Protection Suite] -''"... Anil Revuru (RV) and Mark Curphey, from Microsoft Information Security, introduce what would be in the future a suite of tools that will help you assess your code as well as protect it. This is called the Assessment & Protection (A&P) Suite and it includes the following tools: Web Protection Library (WPL) – which includes Anti-XSS, SRE, mitigation of SQL Injection, CSRF among others CAT.NET Web Application Configuration Analyzer (WACA) and room for more future add-ons ..."'' | ||
* [http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?culture=en-US&EventID=1032398772&CountryCode=US MSDN Webcast: Managing Cross-Site Scripting Using CAT.NET and AntiXSS (Level 200)] | * [http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?culture=en-US&EventID=1032398772&CountryCode=US MSDN Webcast: Managing Cross-Site Scripting Using CAT.NET and AntiXSS (Level 200)] | ||
+ | * WACA & WPL | ||
+ | ** [http://channel9.msdn.com/posts/Jossie/Web-Application-Configuration-Analizer-WACA Using Web Application Configuration Analyzer (WACA) - CTP Version] | ||
+ | ** [http://channel9.msdn.com/posts/Jossie/Web-Application-Configuration-Analyzer-WACA Web Application Configuration Analyzer (WACA)] | ||
+ | ** [http://channel9.msdn.com/posts/Jossie/Enhanced-Web-Protection-Library/ Enhanced Web Protection Library] | ||
+ | ** [http://channel9.msdn.com/posts/Jossie/Using-the-Web-Protection-Library-WPL-CTP-Version/ Using the Web Protection Library (WPL) - CTP Version] | ||
{{:OWASP_O2_Platform/WIKI/bottom}} | {{:OWASP_O2_Platform/WIKI/bottom}} |
Latest revision as of 13:19, 4 December 2009
current O2 support
- Dedicated O2 Module O2_Scanner_MsCatNet with support for
- finding target dlls (recursive search on local directories)
- triggering scans
- converting CAT.NET Results into O2's Findings schema
description
(from CAT.NET download page)
"...Code Analysis Tool for .NET is a static analysis tool to detect common software security vulnerabilities. CAT.NET 2.0 has been re-written from the ground up implementing the original tainted analysis algorithm developed by Ben Livshits but using the Phoenix compiler infrastructure to provide a solid and scalable core data flow security analysis engine. CAT.NET 2.0 will initially ship around February as a Visual Studio 2010 Power Tool, only available to customers who have a licensed copy of Visual Studio 2010 and then as an integrated part of the Visual Studio product in late 2010. ..."
download
- CAT.NET 2.0 CTP (current version) (requires registration with Microsoft) , .NET Framework 4.0
- CAT.NET v1 CTP - 32 bit (old version) , .NET Framework 2.0
- O2 Scanner - MsCatNet
other relevant links
- Microsoft Information Security Tools team Connect site
- Microsoft IT’s Information Security (InfoSec) group
- OWASP .NET Project
- InfoSec A&P Suite: How to Install & Configure
- New Tool In My Pouch: CAT.NET And Anti-XSS 3.0
- InfoSec Assessment & Protection (A&P) Suite Released
- Security tools from Microsoft (Tobias had some issues running the latest version)
- from main CAT.NET Blog
- The CAT.NET 2.0 Configuration Analysis Engine
- How to Run CAT.NET 2.0 CTP
- Some New Software Security Tools for Web Developers – (CTP Releases
- Implementation Ideas for the CAT.NET 2.0 Tainted Variable Analysis Algorithm
- New Build of CAT.NET (Version - 1.1.1.9) – Please Upgrade
- Running CAT.NET as a Custom MSBuild Task
- CAT.NET – How Big Do Your Project Files Grow ?
- FxCop
- VS2010
videos
- Architecture Behind CAT.NET
- Assessment and Protection Suite -"... Anil Revuru (RV) and Mark Curphey, from Microsoft Information Security, introduce what would be in the future a suite of tools that will help you assess your code as well as protect it. This is called the Assessment & Protection (A&P) Suite and it includes the following tools: Web Protection Library (WPL) – which includes Anti-XSS, SRE, mitigation of SQL Injection, CSRF among others CAT.NET Web Application Configuration Analyzer (WACA) and room for more future add-ons ..."
- MSDN Webcast: Managing Cross-Site Scripting Using CAT.NET and AntiXSS (Level 200)
- WACA & WPL
go back to the main OWASP O2 Platform page