Microsoft releases free secure development tool

Share this article:

Microsoft on Monday announced the free availability of a new software verification tool designed for coders, as well as IT professionals.

Announced at this week's Black Hat conference in Washington, D.C., the tool, called Attack Surface Analyzer, helps determine when poorly designed applications widen the attack surface of a Windows system.

The tool is used to "highlight the changes in system state, run-time parameters and securable objects on the Windows operating system," according to a Security Development Lifecycle blog post. It identifies altered or new files, registry keys, services, ActiveX controls, listening ports, access control lists and other components that could increase an attack surface.

"The tool takes snapshots of an organization's system and compares these to identify changes," the post said, citing a product description. "[It] does not analyze a system based on signatures or known vulnerabilities; instead, it looks for classes of security weaknesses as applications are installed on the Windows operating system."

The tool also produces a report detailing the changes that a particular application may have made to a system.

The Attack Surface Analyzer can be downloaded here.

In the past, Microsoft has released other free tools designed to bolster security in the software development process.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Millenials improve security habits, more interested in cyber careers, still need guidance

Millenials improve security habits, more interested in cyber ...

Raytheon's second annual survey on the online and security behavior of Millennials shows improvement but still a long way to go.

Pakistani man indicted over spyware app creation

Hammad Akbar created StealthGenie, which allowed the purchaser to secretly monitor a cell phone's communications.

FDA finalizes guidelines on medical device, patient data security

The recommendations are aimed at providing better protecting patient health and data, as well as hoping device manufacturers take into account cybersecurity risks in the early stages of development.