Attack Surface Analyzer (Security)

Posted on

  • email
  • twitter
  • facebook
  • share this

share this

Microsoft has formally released a tool that gauges the security of an application by exploring how it affects the computer upon which it is installed.

The Attack Surface Analyzer, which might just be the best name ever for a security product, was originally released in January 2011 during the Blackhat DC security conference. Over the 20 months since launch, Microsoft claims that it has reduced the number of false positives, enhanced performance and made some bug fixes.

The tool takes snapshots of a system before and after an application was installed and then compares each to identify changes made when new apps were installed. The tool then provides an overview of changes including those such as newly added files, registry keys, services, ActiveX Controls, listening ports, access control lists, etc.

Analyzer only looks at classes of security weaknesses where programs fall short or those which are exposed to attack vectors, but it is something developers should explore running attack surface validations before releasing Windows apps is now required by Microsoft.

Login To Comment

Become a Member

Not already a part of our community? Sign up to participate in the discussion. It's free and quick.

Sign Up

Be the first to comment on this article

999 E Touhy Ave
Des Plaines, IL 60018

Toll Free: 1.800.817.1518
International: 1.773.628.2779
Fax: 1.773.272.0920