Microsoft has released the InfoSec Assessment & Protection Suite, a set of protection and assessment tools that includes:
- Web Protection Library (WPL) - an umbrella for several libraries and runtime modules, including the Microsoft Anti-Cross Site Scripting Library v3.1 (Anti-XSS V3.1) and the Security Runtime Engine (SRE). SRE helps to prevent XSS and SQL injection attacks without changes to the code, which are manual and costly; the developer only needs to change the application configuration (white list/black list).
- Code Analysis Tool for .NET (CAT.NET) - a managed code security source code scanning tool that has been totally rewritten.
- Web Application Configuration Analyzer (WACA) - designed to scan your development environment against best practices for .NET security configuration, IIS settings, SQL Server security best practices and some Windows permission settings.

http://blogs.msdn.com/sdl/archive/2009/11/19/introducing-the-infosec-assessment-protection-suite.aspx

How to configure WPL: http://blogs.msdn.com/securitytools/archive/2009/11/18/how-to-configure-wpl-v1-0-sre.aspx