The Connected Information Security Group

This Blog URL Has Changed – Please Update Your Readers

Things have been quiet on the blog for a while. There is a LOT of code being cranked out at the moment...

Author: cisg Date: 04/16/2009

CAT.NET New Build – 1.1.1.8

Mainly small bug fixes and a new feature to export the findings into an Excel spreadsheet. Download...

Author: cisg Date: 03/20/2009

Getting Help for CAT.NET and Anti-XSS

We now have a discussion forum for users of CAT.NET. There is no official support for these tools...

Author: cisg Date: 02/23/2009

MSDN Webcast: Software Security with Static Code Analysis Using CAT.NET (Level 200)

Event Overview In this webcast, we provide an overview of what static code analysis is and typical...

Author: cisg Date: 02/16/2009

AntiXSS Library V3.0 - Test Harness

Hi, Anil Chintala here… In this post I wanted to talk about the new Test Harness application...

Author: cisg Date: 01/19/2009

Current Memory Limitations of CAT.NET

Hi, Andreas Fuchsberger here..... It is important to understand what happens when CAT.NET builds its Call...

Author: cisg Date: 01/12/2009

Free MSDN Webcast: Managing Cross-Site Scripting Using CAT.NET and AntiXSS (Level 200)

Language(s): English. Product(s): Security. Audience(s): Developer. Duration: 60 Minutes Start Date:...

Author: cisg Date: 01/04/2009

Merlin: Better Specifications for CAT.NET

Guest post by Ben Livshits of Microsoft Research here.... In the last several years we have seen a...

Author: cisg Date: 01/02/2009

Security Code Review Using CAT.NET - Part 2

Hi Andreas Fuchsberger here again...... How does CAT.NET work? As I mentioned in Part 1 here,...

Author: cisg Date: 12/22/2008

Security Code Review Using CAT.NET - Part 1

Hi Andreas Fuchsberger here … To coincide with the CTP release of CAT.NET and Anti-XSS, within...

Author: cisg Date: 12/22/2008

Download CAT.NET CTP (32 bit here and 64 bit here) Anti-XSS was not affected but for completeness...

Author: cisg Date: 12/17/2008

CAT.NET Status Update

12 pm PST 17th, December. We continue to face issues with the download links. We are doing...

Author: cisg Date: 12/17/2008

Secure String in .Net - Part II

Hi Gaurav Sharma here with more information about SecureStrings. This time I'll cover following...

Author: cisg Date: 12/17/2008

Download Problem for CAT.NET - Status Update

We are continuing to experience problems with the 32 bit download link for CAT.NET. We now estimate...

Author: cisg Date: 12/16/2008

Download Problem for CAT.NET - Status Update

We are continuing to experience problems with the links to download CAT.NET. We estimate a fix by 5pm...

Author: cisg Date: 12/16/2008

How the Anti-XSS 3.0 SRE Works

RV again... Last time around we looked at SRE from a conceptual perspective, this time let's look at...

Author: cisg Date: 12/16/2008

Anti-XSS 3.0 Beta and CAT.NET Community Technology Preview now Live!

Mark Curphey here..... I am delighted to say that we have released two new free tools. Download...

Author: cisg Date: 12/15/2008

An Update on Some Upcoming Free Tools

Mark Curphey here..... If the economy is getting you down here is some good news. We may have been...

Author: cisg Date: 11/13/2008

Using Role Based Access Control in the .NET Framework - Part 2

Vineet Batta here again.. In my last blog I discussed how to use role based access control (RBAC)...

Author: cisg Date: 10/29/2008

Using Role Based Access Control in the .NET Framework - Part 1

Hi Vineet Batta here.. Consider a scenario where you want to write an assembly which contains...

Author: cisg Date: 10/28/2008

ISO/IEC JTC 1/SC 27 - Working Group - Trip Report

Hi Andreas Fuchsberger here again.... Introduction The most recent ISO/IEC JTC1/SC 27 (Subcommittee)...

Author: cisg Date: 10/24/2008

ISO SC27 Introduction and History

Hi Andreas Fuchsberger here..... In order to better understand a report I am about to post next on a...

Author: cisg Date: 10/24/2008

A Sneak Peak at the Security Runtime Engine

RV here again... Traditionally security fixes are applied to specific pieces of code where a...

Author: cisg Date: 10/24/2008

Introducing SecurityNow

Mark Curphey here..... A few months back I challenged some of my team to build a "Proof of...

Author: cisg Date: 10/17/2008

Secure Strings in .NET - Part I

Hi Gaurav Sharma here....... I am a developer on the CISG India team based in Hyderabad and I joined...

Author: cisg Date: 10/08/2008

ASP.NET Data Binding and AntiXss Encoding

Hi RV here again... Last time I looked at ASP.NET controls and few common scenarios where you need...

Author: cisg Date: 10/01/2008

Beauty Aint Necessarily in the Eye of the Beholder

There's a truism that says, "beauty is in the eye of the beholder." I'm...

Author: cisg Date: 09/21/2008

Obfuscation Explained...

Hi Vineet Batta here.... Background Programs written for .NET are relatively easy to reverse...

Author: cisg Date: 09/19/2008

Client-Side Scripting Languages Support in AntiXSS

Anil Chintala here... Recently I was asked about a question on client-side scripting language...

Author: cisg Date: 09/18/2008

Which ASP.NET Controls Need HTML Encoding?

RV here... Last time we saw some real world XSS examples. This time we will look at which...

Author: cisg Date: 09/17/2008

Trip Report : Day Three of Gartner BPM Conference

Marius here again..... Highlights: On average, 80% of the IT budget goes toward maintenance and only...

Author: cisg Date: 09/16/2008

There's a LOT More to Building Security Software than Software Security

Mark Curphey here..... I often get asked exactly what I do for a living at Microsoft. Many people...

Author: cisg Date: 09/16/2008

Designing Whole Systems

Hi Dennis Groves here...... Recently I was questioned over a comment I made about a USB key being...

Author: cisg Date: 09/12/2008

How Do you Get from Theoretical Physics to Information Security?

Hi Andreas Fuchsberger here.....and no this is not a new Seinfeld commercial! The much anticipated...

Author: cisg Date: 09/12/2008

Trip Report : Day Two of Gartner BPM Conference

Hi Marius here again with highlights from day 2 of the Gartner BPM conference. Back of the Napkin...

Author: cisg Date: 09/12/2008

Trip Report : Day One of Gartner BPM Conference

Marius Grigoriu here.... I am a Program manager with CISG and in keeping with good program...

Author: cisg Date: 09/12/2008

It’s All About the Persona(s)

Birm here… Has this ever happened to you? It’s happened to me. You sit down to write an...

Author: cisg Date: 09/12/2008

Real World XSS Vulnerabilities in ASP.NET Code

RV here again... From couple of weeks we have been seeing some XSS vulnerabilities in asp.net code....

Author: cisg Date: 09/10/2008

Performance Analysis Reveals Char[] Array is Better than StringBuilder

Anil Chintala here... I told you in my previous blog about AntiXSS Output Encoding methodology and...

Author: cisg Date: 09/09/2008

SQL Injection - Are Stored Procedures Really Safe?

Vineet Batta here.... SQL Injection explained : SQL injection attack is the way to manipulate the...

Author: cisg Date: 09/09/2008

Checklists and Mnemonics

Dennis Groves here.... The most common list is the to-do list, and it is the one we are all most...

Author: cisg Date: 09/05/2008

Doing What You Want, Not What You Have To!

Birm here..... As I go about my daily routine, I talk a lot with people directly involved in...

Author: cisg Date: 09/05/2008

How To: Detect Cross Site Scripting Vulnerabilities using XSSDetect

RV again... Last time we saw how to fix a cross site scripting (XSS) vulnerability. This time we...

Author: cisg Date: 09/01/2008

Introduction to Dennis Groves

Dennis Groves here..... Hello, my name is Dennis Groves and I am a Program Manager in the CISG...

Author: cisg Date: 08/29/2008

UX ≠ UI

Hi Birm here..... My name is Ricardo Birmele, but people around here call me “Birm.” I...

Author: cisg Date: 08/29/2008

Output Encoding

Hi Anil Chintala here.... I am a Developer on CISG team working out of the Hyderabad campus in...

Author: cisg Date: 08/28/2008

UTF-8 Encoding

Hello there! My name is Andreas Fuchsberger, I am a developer in the CISG team based in Germany. I...

Author: cisg Date: 08/28/2008

What Does ANTI-XSS Offer for HTML Sanitization?

Hi Vineet here..... My name is Vineet Batta and in keeping with the other introductions here are a...

Author: cisg Date: 08/27/2008

What is the Microsoft Anti-XSS Library?

RV here..... My full name is Anil Kumar Venkata Revuru but people call me RV around here. I am a...

Author: cisg Date: 08/26/2008

Welcome to the CISG Blog

Mark Curphey here...... I am the Product Unit Manager (or "PUM" in MSFT speak) for the...

Author: cisg Date: 08/25/2008
