Jossie

Using the Code Analysis Tool (CAT.NET 2.0) to Identify Security Vulnerabilities

Feb 25, 2010 at 12:18AM

by Jossie
Average of 5 out of 5 stars 1 rating

Sign in to rate

5 comments

Tweet

Share

Share

Play Using the Code Analysis Tool (CAT.NET 2.0) to Identify Security Vulnerabilities

Sign in to queue

Description

Anil Revuru (RV) from Microsoft Information Security, gives a demonstration of the new version of CAT.NET (Code Analysis Tool for .NET) version 2.0. It is a static analysis tool that uses the Phoenix Compiler and its data flow graph.

Anil walks us through the dataflow rules and how it uses the source sink analysis to determine if there is a vulnerability or not. He also explains how the configuration analysis works and walks through the rules where insecure conditions exist. The demo of the tool shows how the vulnerabilities are detected and how to interpret the results.

To learn more about this application, stay up to date on the latest news by following the Security Tools Team blog.

Watch related webcast
Download: CAT.NET 2.0

Tags:

cat.net, Information, information security, infosec, Security, Tools

Embed

Download

Right click to download this episode

High Quality WMV (50.9 MB)
MP3 (4.0 MB)
Low Quality MP4 (24.4 MB)
WMV (28.3 MB)

The Discussion

exoteric

At last some Phoenix news ("by proxy"). Downloading...

Last modified Feb 25, 2010 at 9:30AM
troyhunt

Can anyone advise where the download for this has gone? The link through to Microsoft Connect is returning 404.

Last modified May 24, 2010 at 1:51AM
psychopetrovich

So still noone fixed the download?

Maybe this CAT should run on this blog site to see where links are broken

Last modified Jul 08, 2010 at 9:13AM
anilkr

We were supposed to exit out of the beta with RTM released on MS.COM download center, but we faced some design challenges for external release. You can read more about our efforts on external release at https://blogs.msdn.com/b/securitytools/archive/2010/06/30/cat-net-v2-0-update.aspx.

Last modified Aug 23, 2010 at 9:41AM
tthtlc

frankly this is not worth trying:
https://www.microsoft.com/en-sg/download/details.aspx?id=19968
opensource tools (like clang-tidy from LLVM) can do much better.

Last modified Dec 15, 2018 at 11:08PM

More episodes in this series

Jossie

Using the Web Protection Library (WPL) - CTP Version

Using the Web Protection Library (WPL) - CTP Version

Jossie

Technical Preview for CAT.NET 2.0

Technical Preview for CAT.NET 2.0

Related episodes

Jossie

Technical Preview for CAT.NET 2.0

Technical Preview for CAT.NET 2.0

Jossie

Architecture Behind CAT.NET

Architecture Behind CAT.NET

Jossie

Using the Web Protection Library (WPL) - CTP Version

Using the Web Protection Library (WPL) - CTP Version

Jossie

Using Web Application Configuration Analyzer (WACA) - CTP Version

Using Web Application Configuration Analyzer (WACA) - CTP Version

Jossie

Web Application Configuration Analyzer (WACA)

Web Application Configuration Analyzer (WACA)

Jossie

Assessment and Protection Suite

Assessment and Protection Suite

Jossie

Enhanced Web Protection Library

Enhanced Web Protection Library

Jossie

Anti-XSS Library v3.1: Find, Fix, and Verify Errors

Anti-XSS Library v3.1: Find, Fix, and Verify Errors

Jossie

Connected Information Security Framework: Core Components

Connected Information Security Framework: Core Components

Jossie

CISF: Build Custom Security Solutions

CISF: Build Custom Security Solutions