Free and easy security scanner for IIS, ASP.Net, SQL, and Windows servers

Defeat hackers by running the Microsoft Web Application Configuration Analyzer with the same security checks that Microsoft uses on its own servers

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

Microsoft has just released version 2.0 of its Web Application Configuration Analyzer. A free download, the Web Application Configuration Analyzer scans IIS servers, hosted applications, and SQL Server instances for common security issues and misconfigurations. Version 2.0 contains 159 rules, each of which is a specific security check that generates a Passed, Failed, or Indeterminate outcome in the resulting report. Rules are broken down into three separate categories: General Applications, IIS Applications, and SQL Applications.

Microsoft Web Application Configuration Analyzer rule types

The rule checks were determined by Microsoft's own Information Security & Risk Management review team, whose job it is to harden pre-production and production servers within Microsoft. These checks are now being shared with the public. It's nice to know what Microsoft, one of the most attacked companies in the world, recommends doing on its own Web, application, and SQL servers to defeat hackers.

Each rule category can be expanded to reveal the underlying rule details.

To continue reading this article register now