OWASP O2 Platform/Microsoft/CAT.NET
current O2 support
- Dedicated O2 Module O2_Scanner_MsCatNet with support for:
  - finding target dlls (recursive search on local directories)
  - triggering scans
  - converting CAT.NET Results into O2's Findings schema
description
(from CAT.NET download page) "...Code Analysis Tool for .NET is a static analysis tool to detect common software security vulnerabilities. CAT.NET 2.0 has been re-written from the ground up implementing the original tainted analysis algorithm developed by Ben Livshits but using the Phoenix compiler infrastructure to provide a solid and scalable core data flow security analysis engine. CAT.NET 2.0 will initially ship around February as a Visual Studio 2010 Power Tool, only available to customers who have a licensed copy of Visual Studio 2010 and then as an integrated part of the Visual Studio product in late 2010. ..."
download
- CAT.NET 2.0 CTP (current version) (requires registration with Microsoft)
- CAT.NET v1 CTP - 32 bit (old version)
- O2 Scanner - MsCatNet
other relevant links
- Microsoft Information Security Tools team Connect site
- Microsoft IT’s Information Security (InfoSec) group
- InfoSec A&P Suite: How to Install & Configure
- New Tool In My Pouch: CAT.NET And Anti-XSS 3.0
- InfoSec Assessment & Protection (A&P) Suite Released
- Security tools from Microsoft (Tobias had some issues running the latest version)
- from main CAT.NET Blog:
  - The CAT.NET 2.0 Configuration Analysis Engine
  - How to Run CAT.NET 2.0 CTP
  - Some New Software Security Tools for Web Developers – (CTP Releases)
  - Implementation Ideas for the CAT.NET 2.0 Tainted Variable Analysis Algorithm
  - New Build of CAT.NET (Version - 1.1.1.9) – Please Upgrade
  - Running CAT.NET as a Custom MSBuild Task
  - CAT.NET – How Big Do Your Project Files Grow?
- FxCop
- VS2010
videos
- Architecture Behind CAT.NET
- Assessment and Protection Suite - "... Anil Revuru (RV) and Mark Curphey, from Microsoft Information Security, introduce what would be in the future a suite of tools that will help you assess your code as well as protect it. This is called the Assessment & Protection (A&P) Suite and it includes the following tools: Web Protection Library (WPL) – which includes Anti-XSS, SRE, mitigation of SQL Injection, CSRF among others; CAT.NET; Web Application Configuration Analyzer (WACA); and room for more future add-ons ..."
- MSDN Webcast: Managing Cross-Site Scripting Using CAT.NET and AntiXSS (Level 200)
- WACA & WPL