[Owasp-o2-platform] CAT.NET

Erlend Oftedal erlend at oftedal.no
Tue Dec 1 04:48:31 EST 2009


Hi Dinis

I just tested it with CAT.NET 1.1.1.9, and it seems to work as well as 
with the old version.
I still have a problem though. I sent you a small solution earlier. The 
solution had two XSS-errors, and CAT.NET finds both errors if I 
run it in Visual Studio, but if I use the O2 Scanner, it only finds one of
them.
I am able to work around it by importing the VS CAT.NET report into the
ozasmt converter. Then I can see them both of them in findings viewer.

Erlend


On Wed, 25 Nov 2009, Erlend Oftedal wrote:

>
> Thanks! I'll check it out, and also test it with the new CAT.NET version
> if can get it working.
> I'll get back to you once I have any results.
>
> Erlend
>
> On Wed, 25 Nov 2009, Dinis Cruz wrote:
>
>> Hi Erlend
>>
>> Are you talking about the just released version of CAT.NET or the previous
>> version (v1)
>>
>> For the previous version of CAT.NET (download it from
>> here<http://www.microsoft.com/downloads/details.aspx?FamilyId=0178e2ef-9da8-445e-9348-c93f24cc9f9d&displaylang=en>)
>> your can use the "O2 Scanner - MsCatNet" Module to trigger the scans and run
>> the conversion of its results into O2 Finding's format. For reference here
>> is how you can get this mode
>>
>>   - ClickOnce (web install)
>>   http://deploy.o2-ounceopen.com/O2_Scanner_MsCatNet/
>>   - MSI (offline install):
>>   http://deploy.o2-ounceopen.com/_O2_MSI_Installers/O2_Scanner_MsCatNet.msi
>>   - All O2 Binaries:
>>   http://deploy.o2-ounceopen.com/_O2_MSI_Installers/_Bin_(O2_Binaries)%20%2009-Nov-09.zip
>>
>> A nice feature of that O2 Module is that you can just point it to a directly
>> (for example the "Temporary ASP.NET files" folder) and fire an
>> CAT.NETscanner on all assemblies found :)
>>
>> I have not completed my tests of using O2 with the latest version of CAT.NET.
>> As anybody here used this latest CAT.NET release? If so what is the current
>> capabilities parity with the previous version?
>>
>> Dinis
>>
>> On Mon, Nov 23, 2009 at 7:38 PM, Erlend Oftedal <erlend at oftedal.no> wrote:
>>
>>>
>>> Hi
>>>
>>> Can someone help me get started with O2 and CAT.NET?
>>> In the previous version I could invoke the scanner from an O2 module, but
>>> this module does not seem to be included anymore.
>>>
>>> I guess the main question is: How do I import the CAT.NET results into
>>> O2?
>>>
>>> Best regards
>>> Erlend Oftedal
>>>
>>> _______________________________________________
>>> Owasp-o2-platform mailing list
>>> Owasp-o2-platform at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-o2-platform
>>>
>>
> _______________________________________________
> Owasp-o2-platform mailing list
> Owasp-o2-platform at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-o2-platform
>


More information about the Owasp-o2-platform mailing list