Microsoft is very much interested in secure development and they are expanding its SDL(security development lifecycle) tools and services. So, they are planning to release an attack surface analyzer tool and they are also introducing consulting services on secure development.
Microsoft is very much interested in secure development and they are expanding its SDL(security development lifecycle) tools and services. So, they are planning to release an attack surface analyzer tool and they are also introducing consulting services on secure development.This attack surface analyzer is nothing but an SDL verification tool for developers and IT professionals. They will use this tool to identify the newly developed or installed applications are changing the attack surface of a Microsoft OS or not. You can download this tool from Microsoft’s website at no coast and moreover this tool is the same tool used by internal Microsoft product development teams. David Ladd, principal security manager at Microsoft told that “Microsoft has required attack surface validation of applications prior to release for years, however, assessing the attack surface of an application or software platform can be an intimidating process at first glance.” He also mentioned that “To help ease the process, we are releasing a tool called Attack Surface Analyzer to assist both testers and IT pros in assessing the security of an application. The Attack Surface Analyzer is being released as a beta to allow us time to gather feedback and real-world usage data from our customers.”
Microsoft trying to update its threat modeling and also the Binscope Binary Analyzer, they are making it better to enhance developer usability. The main advantages of these tools are free and easily accessible at Microsoft’s security website. If a developer need guidance on building and analyzing threat models, then the binary threat modeling tool offers everything regarding that. The main use of the binary analyzer is to check binary analyzer is to check binaries to ensure they were built based on SDL requirements and recommendations. Regarding this tool Ladd mentioned that “Consistent with the previous release of the tool, version 3.1.6 [of Threat Modeling] allows for early and structured analysis and proactive mitigation of potential security and privacy issues in new and existing applications” and he also said that “The Microsoft SDL Threat Modeling Tool beta is enhanced to support Microsoft Visio 2010 for diagram design, and also contains bug fixes reported to Microsoft by members of the security developer community.” Its current version 3.1.6 is currently in a beta i.e. in developing process release stage.
Ladd also said about the support to other software and he said “BinScope Binary Analyzer now supports Visual Studio 2010, making validation tasks readily available in the development environment. In addition, it integrates with Microsoft Team Foundation Server 2008 and Microsoft Team Foundation Server 2010 to output results into work items.”
SDL is going to be offered in February 11 by a Microsoft consulting services. The goal behind this move is to improve security concerns about software and also to reduce both customer risk and cost of development. Microsoft services group is going to offer these services.