Microsoft releases free secure development tool

Share this article:

Microsoft on Monday announced the free availability of a new software verification tool designed for coders, as well as IT professionals.

Announced at this week's Black Hat conference in Washington, D.C., the tool, called Attack Surface Analyzer, helps determine when poorly designed applications widen the attack surface of a Windows system.

The tool is used to "highlight the changes in system state, run-time parameters and securable objects on the Windows operating system," according to a Security Development Lifecycle blog post. It identifies altered or new files, registry keys, services, ActiveX controls, listening ports, access control lists and other components that could increase an attack surface.

"The tool takes snapshots of an organization's system and compares these to identify changes," the post said, citing a product description. "[It] does not analyze a system based on signatures or known vulnerabilities; instead, it looks for classes of security weaknesses as applications are installed on the Windows operating system."

The tool also produces a report detailing the changes that a particular application may have made to a system.

The Attack Surface Analyzer can be downloaded here.

In the past, Microsoft has released other free tools designed to bolster security in the software development process.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Hackers grab email addresses of CurrentC pilot participants

Hackers grab email addresses of CurrentC pilot participants

Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.

Operators disable firewall features to increase network performance, survey finds

Operators disable firewall features to increase network performance, ...

McAfee found that 60 percent of 504 surveyed IT professionals prioritize security as the primary driver of network design.

PCI publishes guidance on security awareness programs

PCI publishes guidance on security awareness programs

The guidance, developed by a PCI Special Interest Group, will help merchants educate staff on protecting cardholder data.