Microsoft Web Application Configuration Analyzer v1.0

Web sitelerinizin güvenliğini kontrol etmek için Microsoft tarafında geliştirilmiş Web Application Configuration Analyzer(WACA) aracını kullanabilirsiniz. D

Web Application Configuration Analyzer (WACA) is a tool that scans a server against a set of best practices recommended for pre-production and production servers. It can also be used by developers to ensure that their codebase works within a secure / hardened environment (although many of the checks are not as applicable for developers). The list of best practices is derived from the Microsoft Information Security & Risk Management Deployment Review Standards used internally at Microsoft to harden production and pre-production environments for line of business applications. The Deployment Review standards themselves were derived from content released by Microsoft Patterns & Practices, in particular: Improving Web Application Security: Threats and Countermeasures available at: It uses an agent-less scan that requires the user to have admin privileges on the target server, as well as any SQL Server instances running on that machine.

  • Scan a machine for more than 140 rules
  • Generate HTML based reports
  • Compare two scans to view the differences
  • Export results to Excel
  • Export results to Team Foundation Server

You can download the tool from You can view a demo of the tool in this channel9 screencast.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s