Jossie
-
Using the Code Analysis Tool (CAT.NET 2.0) to Identify Security VulnerabilitiesAnil Revuru (RV) from Microsoft Information Security, gives a demonstration of the new version of CAT.NET (Code Analysis Tool for .NET) version 2.0. It is a static analysis tool that uses the Phoenix Compiler and its data flow graph.
Anil walks us through the dataflow rules and how it uses...
-
Technical Preview for CAT.NET 2.0Maqbool Malik and Anil Revuru (RV), from Microsoft Information Security, talk about the newly designed version of CAT.NET which will be part of the Assessment & Protection (A&P) suite.
CAT.NET is a static analysis tool on Visual Studio that helps find vulnerabilities like SQL... -
Using the Web Protection Library (WPL) - CTP VersionAnil Revuru (RV), from Microsoft Information Security, walks us through the expansion of what used to be the Anti-XSS Library. This enhanced version of the library will introduce mitigation to other attacks like:
- SQL Injection
- Cross-Site Request Forgery (CSRF)
- Setting Enforcement...
-
Using Web Application Configuration Analyzer (WACA) - CTP VersionAnil Revuru (RV), from Microsoft Information Security, walks us through a configuration verification tool that will be part of a suite of tools that will help you assess your code as well as protect it. For more info watch the Assessment & Protection (A&P) Suite video.
WACA is designed... -
Web Application Configuration Analyzer (WACA)Anil Revuru (RV), from Microsoft Information Security, introduces a configuration verification tool that will be part of a suite of tools that will help you assess your code as well as protect it. For more info watch the Assessment & Protection (A&P) Suite video.
WACA is designed to scan... -
Assessment and Protection SuiteAnil Revuru (RV) and Mark Curphey, from Microsoft Information Security, introduce what would be in the future a suite of tools that will help you assess your code as well as protect it. This is called the Assessment & Protection (A&P) Suite and it includes the following tools:
- Web Protection...
-
Enhanced Web Protection LibraryAnil Revuru (RV), from Microsoft Information Security, introduces the expansion of what used to be the Anti-XSS Library. But web vulnerabilities are not only around Cross-Site Scripting (XSS) attacks. This enhanced version of the library will introduce mitigation to other attacks like:
- SQL Injection...
-
Anti-XSS Library v3.1: Find, Fix, and Verify ErrorsAnil Revuru (RV) from Microsoft Information Security, gives a demonstration of the new features on the Anti-XSS Library v3.1 including HTML Sanitization which provides new methods to the Anti-XSS class to strip malicious characters or scripts off of HTML and returns safe HTML.
He talks... -
Connected Information Security Framework: Core ComponentsMarius Grigoriu and Vineet Batta, from Microsoft Information Security, talk about the technical components for the first version of Connected Information Security Framework (CISF). A software development framework comprising of API’s and reusable components that is designed to create...
-
CISF: Build Custom Security SolutionsMark Curphey and Marius Grigoriu, from Microsoft Information Security, talk about the release of the first version of Connected Information Security Framework (CISF). A software development framework comprising of API’s and reusable components that is designed to create bespoke or custom...
Staff
Here is a list of Channel 9 staff members.
SQL Detect
Jan 07, 2010 at 7:09 PMTry again, it was the site, but it works again. Thanks!
Anti-XSS Library v3.1: Find, Fix, and Verify Errors
Nov 11, 2009 at 9:53 AMHi Tavis, try playing the video now. Usually it is not the video but the site. When you see that message come back to the video later and it tends to be fixed. It worked for me now. Let me know!
SDL-LOB Phase 3: Implementation
Jul 22, 2009 at 12:48 AMZian,
Phase 1: Risk Assessment is on Edge & Phase 2: Design is here as Security Design Reviews, this last one I highly recommend!
Security Design Reviews
Jun 29, 2009 at 12:46 PMFixed! Thanks Zian!