Threat Analysis & Modeling Tool - TAM 3.0
Description
Ben Livshits, from Microsoft Research, talks about the architecture behind
CAT.NET, which is a static analysis tool on Visual Studio that helps find vulnerabilities like SQL Injection, CSRF, XSS among others, within managed code.
Ben’s knowledge on static and dynamic dataflow analysis made him a key contributor on the creation of CAT.NET. He walks us through different examples of how the data analysis happens depending on complexity and explains how precision varies.
Learn more about
Microsoft Information Security Tools.
www.msinfosec.com
Share
Download
Download this episode
- High Quality WMV (124.5 MB)
- MP3 (8.1 MB)
- Low Quality MP4 (74.2 MB)
- Mid Quality WMV (143.8 MB)
- WMV (193.0 B)
More episodes in this series
SQL Detect
Related episodes
Anti-XSS 3.0 Released
Threat Modeling LOB Applications with TAM 3.0
SQL Detect
Threat Analysis & Modeling Tool - TAM 3.0
Technical Preview for CAT.NET 2.0
SDL-LOB Phase 3: Implementation
Security Design Reviews
Anti-XSS Library v3.1: Find, Fix, and Verify Errors
Using the Code Analysis Tool (CAT.NET 2.0) to Identify Security Vulnerabilities
Silverlight 2 Security
The Discussion
-
Richard Baum Does a version of CAT.NET exist yet for VS 2010?