Using the Code Analysis Tool (CAT.NET 2.0) to Identify Security Vulnerabilities
- Posted: Feb 25, 2010 at 12:18AM
- 12,094 views
- 4 comments
Loading user information from Channel 9
Something went wrong getting user information from Channel 9
Loading user information from MSDN
Something went wrong getting user information from MSDN
Loading Visual Studio Achievements
Something went wrong getting the Visual Studio Achievements
Right click “Save as…”
Anil Revuru (RV) from Microsoft Information Security, gives a demonstration of the new version of CAT.NET (Code Analysis Tool for .NET) version 2.0. It is a static analysis tool that uses the Phoenix Compiler and its data flow graph.
Anil walks us through the dataflow rules and how it uses the source sink analysis to determine if there is a vulnerability or not. He also explains how the configuration analysis works and walks through the rules where insecure conditions exist. The demo
of the tool shows how the vulnerabilities are detected and how to interpret the results.
To learn more about this application, stay up to date on the latest news by following the Security Tools Team blog.
Watch related webcast
Download: CAT.NET 2.0