Security tools from Microsoft

We are currently looking for some tool to help us find weaknesses in our code. There are not many options currently on the market. A tool we are looking at is and, but which one does the best work on code? The biggest advantage of Fortify is that it supports many different languages, but damn, it is a really expensive tool.

Microsoft is planning to release their Security Tools, but I think they are currently at an early stage.

  • CAT.NET – the managed code security source code scanning tool
  • WACA – Web Application Configuration Analyzer
  • WPL – Web Protection Library (formerly Anti-XSS)
  • TAM – Threat Modeling and Analysis tool

The only tool I have tried so far is CAT.NET, but something goes terribly wrong when I run a test on code (see the error below). Still, I think this is a great initiative from Microsoft. What is wrong with my pdb? I think I have the wrong paths set or something…

Error from my CAT.NET run:

    C:\Program Files (x86)\Microsoft Information Security\Microsoft Code Analysis for .NET (CAT.NET) v2.0>CATNetCmd.exe /file:c:\aDLLFILE.dll /configdir:C:\myPathToFolder
    Microsoft (r) Code Analysis Tool for .NET (CAT.NET) Tool
    Copyright (c) Microsoft Corporation 2009.  All rights reserved.

    Running in 32-bit mode

    2009-11-25 13:17 : Information : Loading analysis rules…done.
    2009-11-25 13:17 : Information : Total 40 rules loaded by the engine.
    2009-11-25 13:17 : Information : Processing analysis rules…
    2009-11-25 13:17 : Information : Initializing configuration analysis engine…done.
    2009-11-25 13:17 : Information : Initializing interprocedural data flow analysis engine…The available PDB has been stripped so it does not contain the required
    information for native or IJW images.
    Please find the full PDB for this binary and re-run your scenario.

    Unhandled Exception: System.AccessViolationException: Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
       at Phx.Pdb.ReaderImplementation.GetDataStream(String sectionNameString)
       at Phx.PE.ReaderPhase.ReadPEFixups()
       at Phx.PE.ReaderPhase.SeedFixups()
       at Phx.PE.ReaderPhase.CodeDiscovery()
       at Phx.PE.ReaderPhase.Translate()
       at Phx.PEModuleUnit.LoadGlobalSymbols()
       at Microsoft.InformationSecurity.CodeAnalysis.Engines.AnalysisEngine.TaintedAnalysisEngine.Initialize(String assemblypath, String[] phoenixargs, Int32 maxnumofpasses, Rules rules)
       at Microsoft.InformationSecurity.CodeAnalysis.Engines.RulesEngine.RulesEngine.ProcessRules()
       at Microsoft.InformationSecurity.CodeAnalysis.UI.CommandLine.Program.Main(String[] args)

Seems like it is a Windows 7 problem.
