Using the Code Analysis Tool (CAT.NET 2.0) to Identify Security Vulnerabilities

Play Using the Code Analysis Tool (CAT.NET 2.0) to Identify Security Vulnerabilities
Sign in to queue


Anil Revuru (RV) from Microsoft Information Security, gives a demonstration of the new version of CAT.NET (Code Analysis Tool for .NET) version 2.0.  It is a static analysis tool that uses the Phoenix Compiler and its data flow graph.

Anil walks us through the dataflow rules and how it uses the source sink analysis to determine if there is a vulnerability or not. He also explains how the configuration analysis works and walks through the rules where insecure conditions exist. The demo of the tool shows how the vulnerabilities are detected and how to interpret the results.

To learn more about this application, stay up to date on the latest news by following the Security Tools Team blog.

Watch related webcast
Download: CAT.NET 2.0



Download this episode

The Discussion

Add Your 2 Cents