Threaded View
-
January 19th, 2011 10:49 PM #1
- Join Date
- Oct 2009
- Location
- The land of Hockey and Rock music
- Posts
- 5,016
- Mentioned
- 16 Post(s)
- Tagged
- 434 Thread(s)
- Sex:
Attack Surface Analyzer, a new security tool from Microsoft
Microsoft has relased and made available for download, a new security tool, Attack Surface Analyzer, designed to analyze changes to Windows Attack Surface.
Attack Surface Analyzer is the same tool used by Microsoft’s internal product teams to catalogue changes made to the operating system by the installation of new software.
The Attack Surface Analyzer beta is a Microsoft verification tool now available for ISVs and IT professionals to highlight the changes in system state, runtime parameters and securable objects on the Windows operating system. This analysis helps developers, testers and IT professionals identify increases in the attack surface caused by installing applications on a machine.
Attack Surface Analyzer takes a snapshot of your system state before and after the installation of product(s) and displays the changes to a number of key elements of the Windows attack surface. The tool does not analyze a system based on signatures or known vulnerabilities; instead, it looks for classes of security weaknesses as applications are installed on the Windows operating system.
The tool also gives an overview of the changes to the system Microsoft considers important to the security of the platform and highlights these in the attack surface report. The Microsoft Security Development Lifecycle (SDL) requires development teams to define a given product’s default and maximum attack surface during the design phase to reduce the likelihood of exploitation wherever possible. Additional information can be found in the Measuring Relative Attack Surface paper.
Some of the checks performed by the tool include analysis of changed or newly added files, registry keys, services, ActiveX Controls, listening ports, access control lists and other parameters that affect a computer’s attack surface.
This tool allows:
* Developers to view changes in the attack surface resulting from the introduction of their code on to the Windows platform
* IT Professionals to assess the aggregate Attack Surface change by the installation of an organization’s line of business applications
* IT Security Auditors evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
* IT Security Incident Responders to gain a better understanding of the state of a systems security during investigations (if a baseline scan was taken of the system during the deployment phase).
To download and to learn how to run Attack Surface Analyzer, visit https://www.microsoft.com/downloads/e...ang=en&pf=true
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
Microsoft releases Update to block DLL load hijacking attack
By razorsedge in forum News & ReviewsReplies: 0Last Post: August 24th, 2010, 03:46 PM -
Security Analyzer 1.0.1098 Beta
By razorsedge in forum MiscellaneousReplies: 0Last Post: August 6th, 2010, 08:34 AM
Lightstar Can Be Very Protective Of His Creations As He Sends A Percentage Of Funds Made To Charities For The Poor, Best To Take This To PMs. As Its Premium, You Could Say "Inspired By" Or Something...
Theme request