White Hat Hacker

"There is no security in this life, only opportunity" -- Gen Douglas MacArthur 
« Back to blog
Viewed 63 times
Favorited 0 times
October 27, 2009

Microsoft Security Tools

In the past year (or so) Microsoft has released four free security tools to improve application security.

The following clips are from the announcements on www.theregister.co.uk and links from searching MSDN.

2008-09-16 The first initiative is the release of the Microsoft SDL Threat Modeling Tool. The software is designed to streamline the development of secure applications by helping teams track and mitigate security and privacy flaws that are likely to affect specific types of applications. The idea is to streamline secure coding by giving guidance in drawing threat diagrams, analysis of threats and mitigations and integrating with an organization's bug tracking systems.

SDL Threat Modeling Tool 3.1
http://www.microsoft.com/downloads/details.aspx?familyid=A48CCCB1-814B-47B6-9D17-1E273F65AE19&displaylang=en

2009-03-20 The release of !exploitable, which was announced at the CanSecWest security conference in Vancouver, British Columbia, is a continuation of that effort. It's a Windows debugger extension that's used during fuzz testing, when testers test the stability and security of an application by throwing unexpected data at it. It's expected to be available soon at this linkas an open-source program on CodePlex.

!exploitable Crash Analyzer - MSEC Debugger Extensions
http://msecdbg.codeplex.com/

2009-09-16 Microsoft Minifuzz is a lightweight file fuzzer, a type of tool that detects software bugs by throwing random data at an application. Under Redmond's Secure Development Lifecycle (SDL), all code under development must be extensively fuzzed so buffer overflows and other common flaws can be identified before it goes into production.

MiniFuzz File Fuzzer
http://www.microsoft.com/downloads/details.aspx?FamilyID=b2307ca4-638f-4641-9946-dc0a5abe8513&displayLang=en

2009-10-27 EMET, short for Enhanced Mitigation Evaluation Toolkit, allows developers and administrators to add specific security protections to applications. Unlike mitigations released in the past, EMET doesn't require programs to be recompiled, so it can be used to fortify applications even when the source code isn't available.

Enhanced Mitigation Evaluation Toolkit (EMET)
http://go.microsoft.com/fwlink/?LinkID=162309

Comments (0)

Leave a comment...

 
Got an account with one of these? Login here, or just enter your comment below.
Posterous-login    Connect    twitter