Today at Black Hat DC, Microsoft is releasing a beta version of Attack Surface Analyzer, a new (and free!) tool designed to help assess the security of applications.
According to Microsoft, Attack Surface Analyzer is the same tool used by Microsoft’s internal product teams to catalog changes made to the operating system by the installation of new software.
The tool takes a snapshot of a system state before and after the installation of product(s) and displays the changes to a number of key elements of the Windows attack surface. Attack Surface Analyzer doesn’t analyze a system based on signatures or known vulnerabilities, but looks for classes of security weaknesses when applications are installed on a (Windows) system.
The tool performs checks such as analysis of changed or newly added files, registry keys, services, ActiveX Controls, listening ports, access control lists and other parameters that affect a computer’s attack surface, giving an overview of the changes to the system Microsoft considers important to the security of the platform. The Microsoft Security Development Lifecycle (SDL) requires development teams to define a given product’s default and maximum attack surface during the design phase to reduce the likelihood of exploitation wherever possible.
Core Features of the Attack Surface Analyzer Enable IT Professionals to:
• View changes in the attack surface resulting from the introduction of their code on to the Windows platform
• Assess the aggregate Attack Surface change by the installation of an organization’s line of business applications
• Evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
• Gain a better understanding of the state of a systems security during investigations (if a baseline scan was taken of the system during the deployment phase)
In addition to the Attack Surface Analyzer tool, Microsoft is releasing the next version of the Microsoft SDL Threat Modeling Tool, as a beta at the Black Hat conference. David Ladd, Principal Security Program Manager, Security Development Lifecycle Team at Microsoft shares more information in a blog post here.
More information on Attack Surface Analyzer beta by Microsoft and other tools supporting the Microsoft SDL is available here.
The Microsoft Attack Surface Analyzer can be downloaded here.
