Web Application Configuration Analyzer (WACA) 2.0 Released to Microsoft Download Center

Microsoft has released version 2.0 of Web Application Configuration Analyzer (WACA) to the web.

"WACA is a tool that scans a server against a set of best practices recommended for pre-production and production servers. It can be used by developers to ensure that their codebase works within a secure / hardened environment (although many of the checks are not as applicable for developers)," Microsoft stated.

"The list of best practices is derived from the Microsoft Information Security & Risk Management Deployment Review Standards used internally at Microsoft to harden production and pre-production environments for line of business applications. The Deployment Review standards themselves were derived from content released by Microsoft Patterns & Practices, in particular: Improving Web Application Security: Threats and Countermeasures available here. It uses an agent-less scan that requires the user to have admin privileges on the target server, as well as any SQL Server instances running on that machine."

  • Suppressions - you can now suppress any rule you feel isn't appropriate for your scan.
  • Saving of suppression files - once you set up a suppression list you want to use you can save it off for future uses.
  • You can change the suppressions and regenerate the report without needing to re-run the scan.
  • Reporting - Updated the reporting section to include suppression information so you know what passed, failed, wasn't applicable and what was suppressed.
  • Multiple reports - you can view multiple scans of the same machine or view a single machine's scan and compare it to other machines.
  • Export to the Microsoft RED format.
  • Scan multiple systems and SQL instances in one bulk scan.
  • Additional rules - we've added in additional SQL rules.
  • And of course bug fixes that were missed in the last release.
