I wrote about the CAT.NET tools in an earlier blog entry; they perform static analysis of .NET code. The signatures they use check against various parameters in the .NET code. Microsoft has released another tool that checks web applications using the same set of signatures. This new tool, WACA CTP, can be used to scan web applications; its signature set consists of around 100 IIS, ASP.NET and SQL Server settings.
Microsoft has developed a variety of tools to help developers and testers identify vulnerabilities. It is up to organizations and application development teams to take the lead and implement secure coding and testing practices. There is no excuse not to do it.