Microsoft releases free secure development tool

Share this article:

Microsoft on Monday announced the free availability of a new software verification tool designed for coders, as well as IT professionals.

Announced at this week's Black Hat conference in Washington, D.C., the tool, called Attack Surface Analyzer, helps determine when poorly designed applications widen the attack surface of a Windows system.

The tool is used to "highlight the changes in system state, run-time parameters and securable objects on the Windows operating system," according to a Security Development Lifecycle blog post. It identifies altered or new files, registry keys, services, ActiveX controls, listening ports, access control lists and other components that could increase an attack surface.

"The tool takes snapshots of an organization's system and compares these to identify changes," the post said, citing a product description. "[It] does not analyze a system based on signatures or known vulnerabilities; instead, it looks for classes of security weaknesses as applications are installed on the Windows operating system."

The tool also produces a report detailing the changes that a particular application may have made to a system.

The Attack Surface Analyzer can be downloaded here.

In the past, Microsoft has released other free tools designed to bolster security in the software development process.

Share this article:

Sign up to our newsletters

More in News

Apple's iOS 7.1.1 fixes Webkit bugs, encryption bypass issue

Released Tuesday, the update prevents exploit via "triple handshake" attacks, which could allow a bypass of encryption safeguards.

'Unauthorized' media contact a fireable offense for U.S. intel employees

The new media policy states that U.S. intelligence employees who have "unauthorized" contact with the media could lose their jobs.

AOL Mail hack furthers spam campaign using spoofed accounts

AOL confirmed on Monday that it was aware of the issue and working to remediate the situation.