Web Application Configuration Analyzer (WACA) analyzes server configuration for security best practices related to General Windows, IIS , ASP.NET and SQL Server settings. Web Application Configuration Analyzer (WACA) is a tool that scans a server against a set of best practices recommended for pre-production and production servers. It can be used by developers to ensure that their codebase works within a secure / hardened environment (although many of the checks are not as applicable for developers). The list of best practices is derived from the Microsoft Information Security & Risk Management Deployment Review Standards used internally at Microsoft to harden production and pre-production environments for line of business applications. The Deployment Review standards themselves were derived from content released by Microsoft Patterns & Practices, in particular: Improving Web Application Security: Threats and Countermeasures available at: http://msdn.microsoft.com/en-us/library/ms994921.aspx. It uses an agent-less scan that requires the user to have admin privileges on the target server, as well as any SQL Server instances running on that machine.This release of WACA we included some new features. They include:
It is really good news.
I found this informative and interesting blog, so I think so it’s very useful and knowledgeable. I would like to thank you for the efforts you have made in writing this article. I am hoping the same best work from you in the future as well. In fact your creative writing abilities has inspired me. I really thought that blog is spreading its wings rapidly...
Thanks a lot.
Is there any way to schedule this scan?
And is there a methode to use this waca scan as a 'Configuration Baseline' within SC 2012 CM?
Looking for a way to schedule this scan and report it to SCCM