Microsoft releases free secure development tool

Share this article:

Microsoft on Monday announced the free availability of a new software verification tool designed for coders, as well as IT professionals.

Announced at this week's Black Hat conference in Washington, D.C., the tool, called Attack Surface Analyzer, helps determine when poorly designed applications widen the attack surface of a Windows system.

The tool is used to "highlight the changes in system state, run-time parameters and securable objects on the Windows operating system," according to a Security Development Lifecycle blog post. It identifies altered or new files, registry keys, services, ActiveX controls, listening ports, access control lists and other components that could increase an attack surface.

"The tool takes snapshots of an organization's system and compares these to identify changes," the post said, citing a product description. "[It] does not analyze a system based on signatures or known vulnerabilities; instead, it looks for classes of security weaknesses as applications are installed on the Windows operating system."

The tool also produces a report detailing the changes that a particular application may have made to a system.

The Attack Surface Analyzer can be downloaded here.

In the past, Microsoft has released other free tools designed to bolster security in the software development process.

Share this article:

Sign up to our newsletters

More in News

POS malware risks millions of payment cards for Michaels, Aaron Brothers shoppers

POS malware risks millions of payment cards for ...

An investigation dating back to January has finally confirmed that malware on point-of-sale systems may have compromised payment card data for millions of Michaels Stores and Aaron Brothers customers.

Phishing scam targets Michigan public schools

Unknown attackers used the finance director's email account to request wire transfers from the school district's accounting department.

Contempt order against Lavabit still stands, appeals court rules

Contempt order against Lavabit still stands, appeals court ...

A federal appeals court backed an earlier ruling penalizing the email service.