Microsoft Outs Full Version of Attack Surface Analyzer

Dubbed Attack Surface Analyzer 1.0, the tool scans for known weakness an application or a software may introduce in the operating system through files, registry, services, ActiveX controls or through any other form or parameter.

Monty LaRue & Jimmie Lee from Microsoft Trustworthy Computing Security noted on a blog post, “The Attack Surface Analyzer tool is designed to assist independent software vendors (ISVs) and other software developers during the verification phase of the Microsoft Security Development Lifecycle (SDL) as they evaluate the changes their software makes to the attack surface of a computer.”

Developers can ensure that their applications don’t hamper the cyber defenses of the computer while IT professionals as well as security auditors can gain a better understanding of “aggregate attack surface change that may result from the introduction of line-of-business (LOB) applications to the Windows platform.”

Rather than using a signature based methodology of detection of such weaknesses, the Attack Surface Analyzer uses “classes of security weaknesses” introduced by applications and that have been gathered by Microsoft.