MS updates Web app scanner

SAN FRANCISCO — Microsoft Corp has just released version 2.0 of its Web Application Configuration Analyzer.
A free download, the Web Application Configuration Analyzer scans IIS servers, hosted applications, and SQL Server instances for common security issues and misconfigurations.
 
Version 2.0 contains 159 rules, each of which is a specific security check that generates a Passed, Failed, or Indeterminate outcome in the resulting report. Rules are broken down into three separate categories: General Applications, IIS Applications, and SQL Applications
.
The rule checks were determined by Microsoft’s Information Security and Risk Management review team, whose job it is to harden pre-production and production servers within Microsoft. These checks are now being shared with the public.
Each rule category can be expanded to reveal the underlying rule details, Microsoft says. Any rule that is not appropriate for a scan can be suppressed. Once a suppression list has been set up it can be saved for future uses.  Suppressions can be changed and a report regenerated without needing to re-run the scan. IT staff can view multiple scans of the same machine or view a single machine’s scan and compare it to other machines.

The reporting section has been updated to include suppression information to show what passed, failed, was not applicable and what was suppressed.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

ADaPT connects employers with highly skilled young workers

Help wanted. That’s what many tech companies across Canada are saying, and research shows...

Unlocking Transformation: IoT and Generative AI Powered by Cloud

Amidst economic fluctuations and disruptive forces, Canadian businesses are steering through uncharted waters. To...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now