WACA: The Web Application Configuration Analyzer!

December 8, 2009 21:03 pm · 0 comments

by Black

in Security tools,Windows

Microsoft does indeed seem to be coming out with good security applications now, what with projects like AntiXSS and the Enhanced Mitigation Evaluation Toolkit, and suites like Microsoft Security Essentials! Yes, we know that we have been ranting about this one for a long time now. We will stop as soon as we think that MS has done something VERY constructive about its OS security. WACA or the Web Application Configuration Analyzer

WACA was an internal tool developed by Microsoft to review servers for security configuration issues. They have now been kind enough to release this tool for public use and download. It is a lightweight, stand-alone tool aimed at developers and testers who often develop in an unmanaged, insecure environment. It helps developers configure their local environments with security best practices.

The WACA welcome screen is shown below:

[Screenshot: WACA welcome screen]

WACA is designed to scan your development environment against best practices for .NET security configuration, IIS settings, SQL Server Security best practices and some Windows permission settings. Mainly, it consists of:

  • Over 100 security rules in total (many more are expected in the final release)
  • IIS Security Configuration (such as authentication settings)
  • .NET Framework Security Configuration
  • SQL Server Security Configuration
  • Windows Permissions
  • HTML-based report generation, export of results to Excel and export of findings as work items to TFS (“Curpheys Favorite Feature tm”)
  • Scan a machine remotely (Requires WMI and Remote Registry)
  • Windows shares access control issues
  • Windows services
  • SSL settings
  • Virtual directory settings
  • ASP.NET Web.Config settings
  • SQL Server authentication
  • Extended stored procedures and database permissions
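To make the "ASP.NET Web.Config settings" item concrete, here is an added example (not WACA's code, and not taken from its rule set) of how a configuration analyzer can evaluate a Web.config against a rule table. The rule IDs, messages and sample file are constructed for illustration; the settings checked are standard `system.web` attributes, with their documented ASP.NET defaults assumed when they are absent.

```python
import xml.etree.ElementTree as ET

# Constructed sample Web.config with deliberately weak development settings.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="true" />
    <customErrors mode="Off" />
    <trace enabled="true" localOnly="false" />
    <httpCookies httpOnlyCookies="false" requireSSL="false" />
    <authentication mode="Forms">
      <forms loginUrl="login.aspx" protection="None" />
    </authentication>
  </system.web>
</configuration>"""

# (hypothetical rule id, element path, attribute, insecure values,
#  ASP.NET default used when the element or attribute is absent, message)
RULES = [
    ("WC001", "system.web/compilation", "debug", {"true"}, "false",
     "debug compilation enabled"),
    ("WC002", "system.web/customErrors", "mode", {"off"}, "remoteonly",
     "detailed errors shown to remote clients"),
    ("WC003", "system.web/trace", "enabled", {"true"}, "false",
     "application tracing enabled"),
    ("WC004", "system.web/httpCookies", "httpOnlyCookies", {"false"}, "false",
     "cookies readable from client script"),
    ("WC005", "system.web/httpCookies", "requireSSL", {"false"}, "false",
     "cookies may be sent over plain HTTP"),
    ("WC006", "system.web/authentication/forms", "protection",
     {"none", "encryption", "validation"}, "all",
     "forms ticket not both encrypted and validated"),
]

def scan_web_config(xml_text):
    """Return (rule_id, location, message) for every insecure setting."""
    root = ET.fromstring(xml_text)
    findings = []
    for rule_id, path, attr, insecure, default, message in RULES:
        element = root.find(path)
        # A missing element or attribute falls back to the framework default,
        # so insecure defaults (e.g. httpOnlyCookies) are reported too.
        value = default if element is None else element.get(attr, default)
        if value.lower() in insecure:
            findings.append((rule_id, f"{path}@{attr}={value}", message))
    return findings

if __name__ == "__main__":
    for finding in scan_web_config(SAMPLE_WEB_CONFIG):
        print(*finding, sep=" | ")
```

Evaluating absent settings against their defaults is what lets a scanner flag a file that simply never mentions cookie hardening, rather than only files that explicitly disable it.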

This download is exclusive to Microsoft Connect members. You can sign up for an account here and then download WACA version 1.0 here.
