Web Application Configuration Analyzer (WACA)

Web sitelerinizin güvenliğini kontrol etmek için Microsoft tarafında
geliştirilmiş Web Application Configuration Analyzer(WACA) aracını
kullanabilirsiniz. Detaylı açıklamayı aşağıda bulabilirsiniz.

Bilginize.

Web Application Configuration Analyzer (WACA) is a tool that scans a
server against a set of best practices recommended for pre-production
and production servers. It can also be used by developers to ensure
that their codebase works within a secure / hardened environment
(although many of the checks are not as applicable for developers). The
list of best practices is derived from the Microsoft Information
Security & Risk Management Deployment Review Standards used
internally at Microsoft to harden production and pre-production
environments for line of business applications. The Deployment Review
standards themselves were derived from content released by Microsoft
Patterns & Practices, in particular: Improving Web Application
Security: Threats and Countermeasures available at: http://msdn.microsoft.com/en-us/library/ms994921.aspx .
It uses an agent-less scan that requires the user to have admin
privileges on the target server, as well as any SQL Server instances
running on that machine.

• Scan a machine for more than 140 rules
• Generate HTML based reports
• Compare two scans to view the differences
• Export results to Excel
• Export results to Team Foundation Server

You can download the tool from http://www.microsoft.com/downloads/en/details.aspx?FamilyID=60585590-57df-4fc1-8f0c-05a286059406 . You can view a demo of the tool in this channel9 screencast.