[Owasp-o2-platform] CAT.NET

Dinis Cruz dinis at ddplus.net
Tue Dec 1 06:23:48 EST 2009


Hi Erlend

Can you resend that solution file? I don't seem to have it. I want to see if
I can replicate your problem (it could be due to only scanning one file at
a time).

Have you tried to script O2 & Cat.NET? The new XRule module (
http://deploy.o2-ounceopen.com/O2_Tool_XRules/) will make this very easy :)


Do you have any feedback on the conversion from Cat.NET results into
O2Finding format? I am going to use CAT.NET on a project very soon, and if
you have any ideas/requests about O2 & Cat.NET, now would be the best time
:)

Also, have you looked at and manipulated Cat.NET rules? What about its
visualization graphs?

Finally, what do the new version's (.NET 4.0 dependent) results look like?
Are they much better than the previous version's?

Dinis Cruz

On Tue, Dec 1, 2009 at 9:48 AM, Erlend Oftedal <erlend at oftedal.no> wrote:

>
> Hi Dinis
>
> I just tested it with CAT.NET 1.1.1.9, and it seems to work as well as
> with the old version.
> I still have a problem though. I sent you a small solution earlier. The
> solution had two XSS-errors, and CAT.NET finds both errors if I run it in
> Visual Studio, but if I use the O2 Scanner, it only finds one of
> them.
> I am able to work around it by importing the VS CAT.NET report into the
> ozasmt converter. Then I can see both of them in the findings viewer.
>
> Erlend
>
>
>
> On Wed, 25 Nov 2009, Erlend Oftedal wrote:
>
>
>> Thanks! I'll check it out, and also test it with the new CAT.NET version
>> if I can get it working.
>> I'll get back to you once I have any results.
>>
>> Erlend
>>
>> On Wed, 25 Nov 2009, Dinis Cruz wrote:
>>
>>> Hi Erlend
>>>
>>> Are you talking about the just released version of CAT.NET or the
>>> previous version (v1)?
>>>
>>> For the previous version of CAT.NET (download it from here
>>> <http://www.microsoft.com/downloads/details.aspx?FamilyId=0178e2ef-9da8-445e-9348-c93f24cc9f9d&displaylang=en>)
>>> you can use the "O2 Scanner - MsCatNet" Module to trigger the scans and
>>> run the conversion of its results into O2 Finding's format. For reference,
>>> here is how you can get this mode
>>>
>>>  - ClickOnce (web install):
>>>    http://deploy.o2-ounceopen.com/O2_Scanner_MsCatNet/
>>>  - MSI (offline install):
>>>    http://deploy.o2-ounceopen.com/_O2_MSI_Installers/O2_Scanner_MsCatNet.msi
>>>  - All O2 Binaries:
>>>    http://deploy.o2-ounceopen.com/_O2_MSI_Installers/_Bin_(O2_Binaries)%20%2009-Nov-09.zip
>>>
>>> A nice feature of that O2 Module is that you can just point it to a
>>> directory (for example the "Temporary ASP.NET files" folder) and fire a
>>> CAT.NET scanner on all assemblies found :)
>>>
>>> I have not completed my tests of using O2 with the latest version of
>>> CAT.NET.
>>> Has anybody here used this latest CAT.NET release? If so, what is the
>>> current capabilities parity with the previous version?
>>>
>>> Dinis
>>>
>>> On Mon, Nov 23, 2009 at 7:38 PM, Erlend Oftedal <erlend at oftedal.no>
>>> wrote:
>>>
>>>
>>>> Hi
>>>>
>>>> Can someone help me get started with O2 and CAT.NET?
>>>> In the previous version I could invoke the scanner from an O2 module,
>>>> but
>>>> this module does not seem to be included anymore.
>>>>
>>>> I guess the main question is: How do I import the CAT.NET results into
>>>> O2?
>>>>
>>>> Best regards
>>>> Erlend Oftedal
>>>>
>>>> _______________________________________________
>>>> Owasp-o2-platform mailing list
>>>> Owasp-o2-platform at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-o2-platform
>>>>
>>>>