Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Microsoft Programming Security

Microsoft Releases Attack Surface Analyzer Tool 40

Posted by samzenpus
from the how-bad-is-bad dept.
wiredmikey writes "Microsoft has released the public version of Attack Surface Analyzer, a tool designed to help software developers and independent software vendors assess the attack surface of an application or software platform. The tool was pushed out of beta with Version 1.0 released on Thursday. Since ASA doesn't require the original source code, managers and executives can also use the tool to determine how a new application or software being considered would affect the organization's overall security before deploying it. The tool takes snapshots of the system before and after an application was installed, and compares them to identify changes made when new applications were installed. A stand-alone wizard guides users through the scanning and analysis process and a command-line version is available for use with automated tools. Attack Surface Analyzer 1.0 can be downloaded from Microsoft here."
This discussion has been archived. No new comments can be posted.

Microsoft Releases Attack Surface Analyzer Tool

Comments Filter:
  • Re:For Windows (Score:5, Informative)

    by benjymouse (756774) on Monday August 06, 2012 @10:00AM (#40894199)

    This is for Windows only and it does not test applications for security problems, it looks at the entire system and how it is affected by the installation.

    Hence, attack surface analyzer.

    The tool looks at the surface of a system (not an application) and analyzes how observable changes to that surface could impact security. For instance it will report that a new port is listening after an application has been installed, or it reports that a certain application phones home, or that the application relies on configuration files/installation/registry keys which may not have proper permissions set.

"The only way I can lose this election is if I'm caught in bed with a dead girl or a live boy." -- Louisiana governor Edwin Edwards