Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Microsoft's Secure Developer Tools SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft's Secure Developer Tools

During Blackhat DC, Microsoft released some updates to its secure development tools. Microsoft did some very nice work with these tools. While these tools are not necessarily limited to .Net, I highly recommend that .Net developers take a look at them.

The (at least to me) new tool is the "Attack Surface Analyzer" [1]. It compares the state of your system before and after you install software to determine the impact your software has on the system, what resources it depends on and what changes it makes. It will also enumerate possible security issues. A Microsoft SDL blog article has more details [2].

BTW: if you are managing developers, and want to know more about threat modeling and common vulnerabilities: I will be teaching the 1 day software security awareness class in San Francisco on March 9th.

 

[1] http://www.microsoft.com/security/sdl/getstarted/tools.aspx
[2] http://blogs.msdn.com/b/sdl/archive/2011/01/17/announcing-attack-surface-analyzer.aspx

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Spring 2020

Johannes

3699 Posts
ISC Handler
Now all we have to do is to forward this information to the developers..

I don't think you will find that developers have isc.sans.edu as part of their morning, lunch and afternoon activities.

.. done, sent internally . .

Thanks!
dotBATman

63 Posts
Apparently the Attack Analyzer doesn't run on XP, only Win7 and Windows Server.
dotBATman
20 Posts

Sign Up for Free or Log In to start participating in the conversation!