Microsoft releases free secure development tool
Microsoft on Monday announced the free availability of a new software verification tool designed for coders, as well as IT professionals.
Announced at this week's Black Hat conference in Washington, D.C., the tool, called Attack Surface Analyzer, helps determine when poorly designed applications widen the attack surface of a Windows system.
The tool is used to "highlight the changes in system state, run-time parameters and securable objects on the Windows operating system," according to a Security Development Lifecycle blog post. It identifies altered or new files, registry keys, services, ActiveX controls, listening ports, access control lists and other components that could increase an attack surface.
"The tool takes snapshots of an organization's system and compares these to identify changes," the post said, citing a product description. "[It] does not analyze a system based on signatures or known vulnerabilities; instead, it looks for classes of security weaknesses as applications are installed on the Windows operating system."
The tool also produces a report detailing the changes that a particular application may have made to a system.
The Attack Surface Analyzer can be downloaded here.