Microsoft releases Attack Surface Analyzer tool


Microsoft has released a free beta version of Attack Surface Analyzer on Wednesday.

The tool is currently used internally at Microsoft to catalog and compare the various changes made to Windows during software installations. Created by Microsoft’s Security Engineering Group, the tool takes snapshots of an organization’s system and compares (“diffing”) these to identify changes. The tool does not analyze a system based on signatures or known vulnerabilities; instead, it looks for classes of security weaknesses as applications are installed on the Windows operating system.

Microsoft’s tool can be triggered via the command line or using a GUI wizard. The tool collects data from applications running on Windows Vista, Windows 7 and Microsoft’s Server operating systems Windows Server 2008 and Windows Server 2008 R2.

Microsoft is promoting the tool to ISVs and IT professionals to allow them to highlight the changes in system state, runtime parameters and securable objects on the Windows operating system. This analysis helps developers, testers and IT professionals identify increases in the attack surface caused by installing applications on a machine. “We are releasing a tool called Attack Surface Analyzer to assist both testers and IT Pros in assessing the security of an application. The Attack Surface Analyzer is being released as a beta – to allow us time to gather feedback and real world usage data from our customers,” wrote David Ladd, principal security program manager for secure development at Microsoft.

Source: {url=][/url]

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.