Thursday, October 28, 2010

Microsoft Web Application Configuration Analyzer v1.0

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=60585590-57DF-4FC1-8F0C-05A286059406

Web Application Configuration Analyzer (WACA) analyzes server configuration for security best practices related to General Windows, IIS , ASP.NET and SQL Server settings.

Web Application Configuration Analyzer (WACA) is a tool that scans a server against a set of best practices recommended for pre-production servers. It can also be used by developers to ensure that their codebase works within a secure / hardened environment (although many of the checks are not as applicable for developers). The list of best practices is derived from the Microsoft Information Security & Risk Management Deployment Review Standards used internally at Microsoft to harden production and pre-production environments for line of business applications. The Deployment Review standards themselves were derived from content released by Microsoft Patterns & Practices, in particular: Improving Web Application Security: Threats and Countermeasures available at:
http://msdn.microsoft.com/en-us/library/ms994921.aspx.

Here are some features of the tool:
  • Scan a server using more than 140 rules
  • Generate HTML based reports
  • Compare multiple scan results
  • Export results to Excel
  • Export results to Team Foundation Server

-------------------------------------------------------------------------

FYI - This tool does require credentials for the box being scanned.

No comments:

Post a Comment