Tuesday, March 29, 2011

Introducing Attack Surface Analyzer

Chance upon this interesting security tool that I like to share with you. Attack Surface Analyzer is a verification tool by Microsoft to catalog changes in system state, runtime parameters, and securable objects on the Windows OS. This analysis helps identify any increase in attack surface that is caused by installing applications. Because Attack Surface Analyzer does not require source code or symbol access, IT Pros and security auditors can use the tool to gain a better understanding of the aggregate attack surface change that may result from the introduction of line-of-business (LOB) applications to the Windows platform. Attack Surface Analyzer enables:

  • Developers to view changes in the attack surface resulting from their applications

  • IT Pros to evaluate aggregate attack surface changes by LOB applications

  • IT security auditors to identify risk related to attack surface during threat risk assessments

  • IT security incident responders to better understand the state of securable objects on a system during investigations

Read more and download from here.

No comments: