Threat Analysis & Modeling Tool - TAM 3.0
Download this episode
Description
Ben Livshits, from Microsoft Research, talks about the architecture behind
CAT.NET, which is a static analysis tool on Visual Studio that helps find vulnerabilities like SQL Injection, CSRF, XSS among others, within managed code.
Ben’s knowledge on static and dynamic dataflow analysis made him a key contributor on the creation of CAT.NET. He walks us through different examples of how the data analysis happens depending on complexity and explains how precision varies.
Learn more about
Microsoft Information Security Tools.
www.msinfosec.com
Share
Format
Available formats for this video:
Actual format may change based on video formats available and browser capability.
More episodes in this series
SQL Detect
Related episodes
Anti-XSS 3.0 Released
Threat Modeling LOB Applications with TAM 3.0
SQL Detect
Threat Analysis & Modeling Tool - TAM 3.0
Technical Preview for CAT.NET 2.0
SDL-LOB Phase 3: Implementation
Security Design Reviews
Anti-XSS Library v3.1: Find, Fix, and Verify Errors
Using the Code Analysis Tool (CAT.NET 2.0) to Identify Security Vulnerabilities
Silverlight 2 Security
The Discussion
-
Richard Baum Does a version of CAT.NET exist yet for VS 2010?
Comments closed
Comments have been closed since this content was published more than 30 days ago, but if you'd like to send us feedback you can Contact Us.