Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Microsoft Releases Attack Surface Analyzer Tool

Today at Black Hat DC, Microsoft is releasing a beta version of Attack Surface Analyzer, a new (and free!) tool designed to help assess the security of applications.

According to Microsoft, Attack Surface Analyzer is the same tool used by Microsoft’s internal product teams to catalog changes made to the operating system by the installation of new software.

Today at Black Hat DC, Microsoft is releasing a beta version of Attack Surface Analyzer, a new (and free!) tool designed to help assess the security of applications.

According to Microsoft, Attack Surface Analyzer is the same tool used by Microsoft’s internal product teams to catalog changes made to the operating system by the installation of new software.

The tool takes a snapshot of a system state before and after the installation of product(s) and displays the changes to a number of key elements of the Windows attack surface. Attack Surface Analyzer doesn’t analyze a system based on signatures or known vulnerabilities, but looks for classes of security weaknesses when applications are installed on a (Windows) system.

The tool performs checks such as analysis of changed or newly added files, registry keys, services, ActiveX Controls, listening ports, access control lists and other parameters that affect a computer’s attack surface, giving an overview of the changes to the system Microsoft considers important to the security of the platform. The Microsoft Security Development Lifecycle (SDL) requires development teams to define a given product’s default and maximum attack surface during the design phase to reduce the likelihood of exploitation wherever possible. 

Core Features of the Attack Surface Analyzer Enable IT Professionals to:

• View changes in the attack surface resulting from the introduction of their code on to the Windows platform

• Assess the aggregate Attack Surface change by the installation of an organization’s line of business applications

• Evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews

• Gain a better understanding of the state of a systems security during investigations (if a baseline scan was taken of the system during the deployment phase)

In addition to the Attack Surface Analyzer tool, Microsoft is releasing the next version of the Microsoft SDL Threat Modeling Tool, as a beta at the Black Hat conference. David Ladd, Principal Security Program Manager, Security Development Lifecycle Team at Microsoft shares more information in a blog post here.

More information on Attack Surface Analyzer beta by Microsoft and other tools supporting the Microsoft SDL is available here

The Microsoft Attack Surface Analyzer can be downloaded here.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.