dinis at ddplus.net
Tue Dec 1 06:23:48 EST 2009
Can you resend that solution file? I don't seem to have it? I want to see if
I can replicate your problem (it could be due to only scanning one file at
Have you tried to script O2 & Cat.NET? The new XRule module (
http://deploy.o2-ounceopen.com/O2_Tool_XRules/) will make this very easy :)
Do you have any feedback on the conversion from Cat.NET results into
O2Finding format? I am going to use very soon CAT.NET on a project and if
you have any ideas/requests about O2 & Cat.Net, now would be the best time
Also have you looked and manipulated Cat.NET rules? What about its
Finally , what does the new version (.NET 4.0 dependent) results look like?
Are they much better than the previous version?
On Tue, Dec 1, 2009 at 9:48 AM, Erlend Oftedal <erlend at oftedal.no> wrote:
> Hi Dinis
> I just tested it with CAT.NET 22.214.171.124, and it seems to work as well as
> with the old version.
> I still have a problem though. I sent you a small solution earlier. The
> solution had two XSS-errors, and CAT.NET finds both errors if I run it in
> Visual Studio, but if I use the O2 Scanner, it only finds one of
> I am able to work around it by importing the VS CAT.NET report into the
> ozasmt converter. Then I can see them both of them in findings viewer.
> On Wed, 25 Nov 2009, Erlend Oftedal wrote:
>> Thanks! I'll check it out, and also test it with the new CAT.NET version
>> if can get it working.
>> I'll get back to you once I have any results.
>> On Wed, 25 Nov 2009, Dinis Cruz wrote:
>> Hi Erlend
>>> Are you talking about the just released version of CAT.NET or the
>>> version (v1)
>>> For the previous version of CAT.NET (download it from
>>> your can use the "O2 Scanner - MsCatNet" Module to trigger the scans and
>>> the conversion of its results into O2 Finding's format. For reference
>>> is how you can get this mode
>>> - ClickOnce (web install)
>>> - MSI (offline install):
>>> - All O2 Binaries:
>>> A nice feature of that O2 Module is that you can just point it to a
>>> (for example the "Temporary ASP.NET files" folder) and fire an
>>> CAT.NETscanner on all assemblies found :)
>>> I have not completed my tests of using O2 with the latest version of
>>> As anybody here used this latest CAT.NET release? If so what is the
>>> capabilities parity with the previous version?
>>> On Mon, Nov 23, 2009 at 7:38 PM, Erlend Oftedal <erlend at oftedal.no>
>>>> Can someone help me get started with O2 and CAT.NET?
>>>> In the previous version I could invoke the scanner from an O2 module,
>>>> this module does not seem to be included anymore.
>>>> I guess the main question is: How do I import the CAT.NET results into
>>>> Best regards
>>>> Erlend Oftedal
>>>> Owasp-o2-platform mailing list
>>>> Owasp-o2-platform at lists.owasp.org
>> Owasp-o2-platform mailing list
>> Owasp-o2-platform at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-o2-platform