As is expected from VsLive - it was another great conference! Thanks to all that attended. If you have any questions about the content be sure to email me (first.last@gmail)
Please find the code and slides to the following talks:
Hack Proofing your Web Applications
and
Entity Framework 4.3 for Real Web Applications
Also note that on pluralsight.com I have a five hour security session that goes quite a bit more in-depth than what I could do in 1.25 hours
That is available at:
Hack Proofing
Windows 8, ASP.NET, Entity Framework, Architecture, and various musings
Saturday, March 31, 2012
Thursday, March 29, 2012
FX Cop for security and Running CAT.NET in Visual Studio 2010
There's a great security tool out there, CAT.NET from Microsoft, which uses the FxCop rule engine to analyze your projects for potential security issues. Cross-site scripting (XSS) and SQL injection are just a couple of the items it checks for.
Also of separate note is a great FxCop ruleset on CodePlex:
FxCop ASP.NET Security Rules
Unfortunately there hasn't been a new release in some time. I initially tried to get it running in Visual Studio 2010 and it was crashing on me; however, I've since been able to get it to work with help from this Stack Overflow posting:
The CAT.NET download links for version 1.1.1.9 are as follows:
32-Bit available here
64-Bit available here
Once downloaded, follow the directions below:
While they haven't released the new version, the good news is you can still use the old Add-in for CAT.NET 1.1.1.9 in Visual Studio 2010. All that is required is editing the default AddIn file to tell it to support the new version. The file is installed to: %APPDATA%\Microsoft\MSEnvShared\Addins\Microsoft.ACESec.CATNet.AddIn. You can open it in a text editor and add a new node for 10.0. After you edit the file, just restart Visual Studio and you should be all set. If the AddIn file is not there, it should be in one of the locations specified in your VS Settings under Tools > Options > Environment > Add-ins / Macro Security.
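The edit described above, scripted in PowerShell as an added example (not code from the original post or from the CAT.NET project). It assumes the file follows the usual Visual Studio .AddIn layout, where each supported IDE version is a `HostApplication` element with a `Version` child; the `.bak` backup name is also an assumption.

```powershell
# Added example: register the CAT.NET 1.1.1.9 add-in for Visual Studio 2010 (10.0).
# Assumption: the .AddIn file lists supported IDEs as HostApplication/Version
# elements. The path is the one given in the post.
$addinPath  = Join-Path $env:APPDATA 'Microsoft\MSEnvShared\Addins\Microsoft.ACESec.CATNet.AddIn'
$newVersion = '10.0'

if (-not (Test-Path -Path $addinPath)) {
    throw "AddIn file not found at $addinPath. Check the folders listed under Tools > Options > Environment > Add-ins / Macro Security."
}

# XmlDocument.Load honours the encoding named in the XML declaration,
# and Save writes the file back in that same encoding.
$doc = New-Object System.Xml.XmlDocument
$doc.PreserveWhitespace = $true
$doc.Load($addinPath)

# Match on local-name() so the lookup works whatever namespace the file declares.
$hosts = @($doc.DocumentElement.SelectNodes("*[local-name()='HostApplication']"))
if ($hosts.Count -eq 0) {
    throw "No HostApplication node found; the file does not have the assumed layout."
}

# Is the target version already registered? (Makes the script safe to re-run.)
$existing = $hosts | Where-Object {
    $v = $_.SelectSingleNode("*[local-name()='Version']")
    $v -and $v.InnerText.Trim() -eq $newVersion
}

if ($existing) {
    Write-Output "Version $newVersion is already listed; nothing to change."
} else {
    # Keep a copy of the untouched file so the edit can be reverted.
    Copy-Item -Path $addinPath -Destination "$addinPath.bak" -Force

    # Clone the last existing host entry and change only its version,
    # so the host name and formatting match what the installer wrote.
    $template    = $hosts[-1]
    $clone       = $template.CloneNode($true)
    $versionNode = $clone.SelectSingleNode("*[local-name()='Version']")
    if (-not $versionNode) { throw "HostApplication node has no Version child." }
    $versionNode.InnerText = $newVersion
    [void]$doc.DocumentElement.InsertAfter($clone, $template)
    $doc.Save($addinPath)
    Write-Output "Added HostApplication entry for version $newVersion. Restart Visual Studio."
}
```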
Now you can execute the tool under Tools -> CAT.NET Code Analysis
That's all - check it out in action:
