Ben Livshits, from Microsoft Research, talks about the architecture behind
CAT.NET, which is a static analysis tool on Visual Studio that helps find vulnerabilities like SQL Injection, CSRF, XSS among others, within managed code.
Ben’s knowledge on static and dynamic dataflow analysis made him a key contributor on the creation of CAT.NET. He walks us through different examples of how the data analysis happens depending on complexity and explains how precision varies.
Learn more about Microsoft Information Security Tools.