CAT.NET is a managed code static analysis tool for finding security vulnerabilities. It’s exactly the same tool we use internally to scan all of our Line of Business (LOB) applications; it runs as a Visual Studio plug-in, or as a stand-alone application. It was engineered by this group (CISG) and has been designed in partnership with the ACE Team and Microsoft Research,” Mark Curphey, the product unit manager for the Connected Information Security Group or CISG, revealed.
Version 3 of the Microsoft Anti-Cross Site Scripting (XSS) Library is available as a Beta, and is set up to focus on delivering protection against cross-site scripting attacks, while securing legacy content against Security Runtime Engine. Curphey indicated that using AntiXSS 3.0 would resolve anywhere between 50% to 90% of the XSS issues with zero code changes involved.