Microsoft on Wednesday announced the availability of two free tools designed to detect vulnerabilities in the software development process.
The tools, BinScope Binary Analyzer and MiniFuzz File Fuzzer, are the latest two technologies to emerge from the software giant's Security Development Lifecycle (SDL) initiative.
The BinScope tool lets developers run checks of binary code against SDL's list of "security flags," such as whether code would permit stack-based buffer overflows. This allows engineers to detect possible coding errors.
The MiniFuzz tool, meanwhile, runs automatic security tests on code so testers can monitor and study unexpected actions, such as a crash.
"Focused on the verification phase of the software development process, both tools offer developers and application testers responsible for the prerelease testing of software the ability to catch security risks in their code before it releases," Ladd said.
Earlier this year, Microsoft released the SDL Process Template for Visual Studio Team System, which provides a framework, including auditable requirements, for building security into applications. On Tuesday, the Redmond, Wash.-based company released a new paper, titled "Manual Integration of the SDL Process Template," which provides a step-by-step review of how to integrate the template into existing projects.
Also in the past, Microsoft has distributed other free secure development tools, including Optimization Model, Pro Network and Threat Modeling Tool.
Microsoft developed the SDL initiative in 2004 to address security vulnerabilities in its software. The program is credited with reducing in-house vulnerabilities in Vista and SQL Server.
The tools, BinScope Binary Analyzer and MiniFuzz File Fuzzer, are the latest two technologies to emerge from the software giant's Security Development Lifecycle (SDL) initiative.
The BinScope tool lets developers run checks of binary code against SDL's list of "security flags," such as whether code would permit stack-based buffer overflows. This allows engineers to detect possible coding errors.
The MiniFuzz tool, meanwhile, runs automatic security tests on code so testers can monitor and study unexpected actions, such as a crash.
"Focused on the verification phase of the software development process, both tools offer developers and application testers responsible for the prerelease testing of software the ability to catch security risks in their code before it releases," Ladd said.
Earlier this year, Microsoft released the SDL Process Template for Visual Studio Team System, which provides a framework, including auditable requirements, for building security into applications. On Tuesday, the Redmond, Wash.-based company released a new paper, titled "Manual Integration of the SDL Process Template," which provides a step-by-step review of how to integrate the template into existing projects.
Also in the past, Microsoft has distributed other free secure development tools, including Optimization Model, Pro Network and Threat Modeling Tool.
Microsoft developed the SDL initiative in 2004 to address security vulnerabilities in its software. The program is credited with reducing in-house vulnerabilities in Vista and SQL Server.
