Entries:
Comments:
Posts:

Loading User Information from Channel 9

Something went wrong getting user information from Channel 9

Activity Profile

Latest Achievement:

Loading User Information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Using the Code Analysis Tool (CAT.NET 2.0) to Identify Security Vulnerabilities

Posted: Feb 25, 2010 at 12:18 AM
By: Jossie
Avg Rating: 5

(1)
9,490 Views
4 Comments
reddit

Tweet

8 minutes, 42 seconds

format
< > embed
+ queue

Sign In first to access your queue.
Close

Sorry, video was not added to the queue, an error occurred. Please Contact Us and let us know.
Close

Embed code for this video

Copy the code above to embed our video on your website/blog.

Video format

Option selected may change based on video formats available and browser capability.

Auto
Use our suggested format for this video.
Smooth Streaming
Adaptive bitrate streaming - little buffering but lower video quality at times of low bandwidth. Silverlight 5 required
Progressive
Traditional buffered video format. Silverlight 5 required
HTML5
For browsers that support H.264 MP4 or WebM video playback such as:
IE9+, Firefox 4+, Chrome 5+, or Safari 4+.
Flash
For browsers that have the Adobe Flash Player plugin installed.

Download

Right click “Save as…”

High Quality WMV (PC, Xbox, MCE)

File size
50.9 MB
MP3 (Audio only)

File size
4.0 MB
MP4 (iPod, Zune HD)

File size
24.4 MB
WMV (WMV Video)

File size
28.3 MB

Anil Revuru (RV) from Microsoft Information Security, gives a demonstration of the new version of CAT.NET (Code Analysis Tool for .NET) version 2.0. It is a static analysis tool that uses the Phoenix Compiler and its data flow graph.

Anil walks us through the dataflow rules and how it uses the source sink analysis to determine if there is a vulnerability or not. He also explains how the configuration analysis works and walks through the rules where insecure conditions exist. The demo of the tool shows how the vulnerabilities are detected and how to interpret the results.

To learn more about this application, stay up to date on the latest news by following the Security Tools Team blog.

Watch related webcast
Download: CAT.NET 2.0

Follow the Discussion

Follow
Oops, something didn't work.

Try again?

Sign In to be begin to follow these comments

What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in. You need to be signed in to Channel 9 to use this feature.

Getting "follow" information

Stop following these comments

Start following these comments

What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in and view them all on your notifications page.

Removing your "follow"

Setting up your "follow"

Did you know you can
sign up for email notifications?
- Subscribe to this comments

exoteric

Feb 25, 2010 at 9:30 AM

At last some Phoenix news ("by proxy"). Downloading...
troyhunt

May 24, 2010 at 1:51 AM

Can anyone advise where the download for this has gone? The link through to Microsoft Connect is returning 404.
psychopetrovich

Jul 08, 2010 at 9:13 AM

So still noone fixed the download?

Maybe this CAT should run on this blog site to see where links are broken
anilkr

Aug 23, 2010 at 9:41 AM

We were supposed to exit out of the beta with RTM released on MS.COM download center, but we faced some design challenges for external release. You can read more about our efforts on external release at http://blogs.msdn.com/b/securitytools/archive/2010/06/30/cat-net-v2-0-update.aspx.

Remove this comment

Remove this thread

Comments Closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.