Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Microsoft Releases Free Security Tools for Application Developers



 By: Brian Prince
2009-09-16
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Microsoft unveils a binary code analysis tool and a fuzzing program designed to help developers design secure applications.

Microsoft on Sept. 16 unveiled two new tools to help developers build better security into their applications.

The tools are available for download for free, and are designed to help developers extend Microsoft's SDL (Security Development Lifecycle) process into their organizations. The first of the tools is BinScope Binary Analyzer, which examines binaries to see if they are in compliance with SDL requirements. For example, the tool checks that Microsoft SDL-required compiler/linker flags are being set, strong-named assemblies are in use, and up-to-date build tools are in place.

Resource Library:

The second program is Microsoft MiniFuzz File Fuzzer. MiniFuzz is designed to help detect code imperfections that may expose security vulnerabilities in file-handling code by creating random variations of file content and feeding it into the application. From there, the program exercises the code in an attempt to expose unexpected application behaviors.

"Code analysis and fuzzing are required parts of the SDL as malicious attackers use code analysis and test techniques such as fuzzing to find vulnerabilities," said David Ladd, principal security program manager of Microsoft's SDL team. "It is important for developers and testers to proactively employ similar techniques in an attempt to preemptively find and fix vulnerabilities that may otherwise not be caught."

Both the MiniFuzz File Fuzzer and BinScope Binary Analyzer are available in two forms: a stand-alone executable tool and an integrated tool within Visual Studio. The tools are available for download from the SDL Tools Repository and the Microsoft Download Center.





  Reader Comments: Microsoft Releases Free Security Tools for Application Developers
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


x}r㶲s\@♵MQHS%ƶ,xMT(S$I٣'ˮO7t%_gĶD 74{$sG3L{B.cnQ?sOuޙ'w6{R(-GFgP+N-w5 E]0eNFNv@\~}@^sFwD%x_'Щ=ѩ&€wɔiPل͙ؗ6}^~b .pѱ ⌳Qm/ xyG`aFNoچs[=j*sܼǟ煊B=ʑGA GfnGp[N^ԢZ\}Gr ] 3 m%&@DrT*,ID>&-ԆNIH5}(D~WB-R#X@rIja>E4f‰EQ u$nxЖL-AA9EF,[SAVU衂Ġ`W:kԩ^tܜo.9nMI{#)|q5 0\68c_Zy['^=z,rG=jiT뒒{Cw2r!޺t|=!9Io'ɿپBds#$7W$cM|`Ah 2Xc]vSlJ^mT3o`H2 f4.ͻFp- @lo Kj(H)5?&F`Mil&XJp7Q 6`I˪2TY0&mQa:].a#waẍ_,ʹgc^IRe6\ni>U<<vwܬu"մޙ-~4Rށؓi5tiUO~*WFnZ`sQMm{QV2,ՎJb~ _1q-~~j0B m]& :V|y0`贁;mF{g0HӐ? M/6G˥yf>5 @ L^a V835Cuӹݰ=Uԇ9ȩu0CA 6]LRmb;>t9 PhQ0<sxLLσ I#ˋƠ` VPCh9N@tmS(|` 39;ʹiǀxԘЯ.aHd˵FK] cRR,H hI#r B1,`@n!` P 􎄰r)iLO:\v{B#ܙ8C\Z.kr)eb -x[b~ILg2+IɴX9yDMf#T`B[ᛥDKak`Dݚ, GZMz:㱩Y==xnZi [N@' 5$&.*lhAsq=7c@Cyw;J`p=fX4Кs=RA\^XPaAݤ693mX0NM}J"+p5(Bk?fx Q=6`\2'4P%~K{]ؠ9A7ÚLCQ+ow7 =5q ؇CUT3y:epGҶLoj@~-&]LqαrB&k:H(X3b-yrpm ֌M'W.s1r@@-T᧒rH1g0dz?Ԍ;Oq=1:37RtfZC+>q^i:[OeSZqlzAn^ӛA| ~ޮLR[k(YF&ۊx A-ژ WZڄ"JMP>L2Cɣ($mU2L? 7u(= > XU.*r_- }d2cFTbZPKm[ ʸCSNՐ`AFVLl9K[W),֩w⸀="/H{L)cg@>`ǟG )a!w1JoX,,aTJMIlbbp=z˸Bq,P XbO@{ UruXkjpp2vV=% Υ8ͧםv &:Le"6Xcji-6!ӞWʈ>h-07a2 EEqH~6=2.eX"{;gcOf:Y$ Fi.z20y8p` $Dq( 8JnfˤW6n&00"41< ~?tEUˉdxL4J$B؜AYo^a+o95=1۠O~^ d WBm1nxk+_>M};L;6.E;`83"qbGymVWA'eb Z`%Z hzVڲzQ䂲td3FNxX.6 cr0}"8wDA$۝\1U(zb]|U(*"X\5@Z_A Ұg /s_5u_&gnu"+JaHӈG2gFT7)ڴCiA/F=L.=pXoh;I@r;~O;a.ra5 *Jea%O.'-U*j^(YPX9H(P Yt>ɷ06fK/lCXr|MN?K{e$ $"zr3.=2 杨V,VXō .hqN _\}?؇^UkG K L$T)Ch/O10XMR! }%>CeQhNٞo{k^GWXk~~$CdxP8,{B:[_Si9d:[ `M/)F(+bK)"$Dٌ \gIʼnA/aEa1:(:ݟ;aKᷔo%?ů1K7xAxW(tNz4&,\3[INjw?!>48r㿜yG$M a]Zqns zsHaP;DZ3pq*Ihw6D2FFXn\%0َ q0螴CE HY)o9yB>@lb%&hҫ&BR~\Cp0 4ZajCrWR~=ԥRW%ݛf0z3ƍ`/awʜW#}a ?Y ./Cv6g>&k>dNi @ف9^ft)cᦿ C ~]j䮅M$7&Laq* fXe@g4!&v\u>\arJs ނi3G 6j 2}dO1\Xki2> ZA#VorlK9w@rs&cx2'[euw+[c“gD`GHA3}}igA jm9gitpmUE0p1~oE[ά(g3o-(8ߎ93{K8Wj R*2Kp1)%ϡ.9w4y˭0L _ ܻ'VDe86[b4[05| ttfڰJ;~K59:*i!8A$& xfPF/=<Yhr|(d+:m7d(΀, HS6G^n9)@8MBc74yq ّ]251|KgjB} L-@-h tF36|p4vYDP8vlأweYZNcsV>eQXazIwRjY*󄚉Dɒ+v!oWH\f+D*$H0S|ʵR͟%цf ^LECS8h=:H=JYl0xl)0cè/kC8ړ8`6T&Z-DS}j>H@4,.7o; dL!e2`@}K"~48+<]57o9]( (KC„hH9g{e idr<}jIGev f$LYK`WK,?F#)hEa-gΕNJz%?\6 6I )`/)D⿇R̦2ՠ,Ӱ|W 쯋{oA6y0Vj&H,9ŗШ, ͺb=LñV%'Sܴ|vjԖxDA' :IB'!xR' f"Cy!}A<(zZOz}GTImK.z/;_k3 ˗vQ4(6HPt)TkH7IXD@& < F{nUPs }熸x.I-֨;\'&MSԟGǻA?yvTڊCXD" X` ~Fhn_-_L0oŔUTR JAO{)>4^ &k;q T*  VB"?alNcH[!ŧPv'_Uݖ|+E1cw,gY,k܇ )8>'̝[ z=~ahڈ#4*ّ鉸i>G٭Y՗[g%E1 4KԢtN}"UjRJw'OBpD { ]wsϹ2b4+_g{ | OxC\ǻkbt7{,۾^\w>w;7z ԥ~y0WeST%}{MnC8\U!a |>lS3*c~NEz45ʖ>뾏?>H7JJaaEu[kM].[3e)% >I^"%._vX3|y|6_XV ԟ42PjӤnbAr^_j;KJQ)U6iaYs<j?v?TN6hF^di%iN-`CU{;-^*kwT18{7~YZ;(X~Z+ RQiHጸ:[&sjxZ-ԕ|咿%:^Yr Zs+5&L9RE(*Io$TC4r(M`~Ũt 6 yZŠx!Vi ?Ll+=5=؅nvn&.m']қ≠DU*ʹuȓP}sQ-* ;,Kŝ117[+`65~OR.g@%[7\Z 02&E"#m#"kjBYTjGnz OYZ+)`cbgIs˜>-CFUpaND"ml= Փ>/,Qu$vy)eTUR#h -q ,63; sƷ/@Y.6bi'1 m&|<700lAl9sXx[Mw-=(!QƉ58X\5/ޝJ_$nNlnMg vl"6B<\s˩^Dyj>"gƗ?rbS{=5r1Ze".^`hˊRM<ң]%C$1d .șfka'&сH.M 󫛰4`\adzxAfaX4B&s'?k\v!_K_!ݰVI m{7R[ $y`?ZƮEH' INn=s? >zxX2嵉Dp@3w4q4 S[E$0~/Axd+2tA,%M:,6Vֽ?#.7L mC4-l \ZS4ceoFeP/1Qݽ ?1@6La IAX#hBGH[~gMN;vE< ,i P 6@א0H`l'jM!Hb1Ř!&"[sNX" P[QH^16Faŷ~(l8*wxc||1W`V _P"1XJ.JUE d7  c!g v7UIu~ VK X`k,2E<ez?,GGA~2? :Q$g%~6t0Q-tV#ߛi7}n%nNKM ။R$!%H$bcx=9`1E2_7=}c|?ݩ2K(0  Ka1c~PBMФP:C KDHP<>A~guE{s HD+^@03%_Ч6#`ٷh]]!k"ם:\w%9noWj(;urһrڽ\]w/&hT/湶xQ(;OFYuavʜTδ'\ «XgqxixɎ>+bh,.64{(0%lyїU1o(6񏉸V}llŵg5^Lˢg%'!uoZuLlk#W܄qP ";睓]vrФo%u[@cFPsF5_o.?i2{P(GJl.oڝ(?\~ 96usͳn;3ʡ݌{Qfc?(_6 sȂ"?0_}^dE}"^f3(?@?2/"2c~/.32cz^F{ z!_>2 ޿x:~0~0~@  ק 埳a|397P~U{A7MF7@7ug+\8=r gs z)W@^d_~*%iFy3Y+f/^+sk3c_?+/q{uk'R+ ]Q%<3Lk[M2}Wc|u(X2M*!#(78%Y}MJ 4tk 7b[yDYp&}:=Wv l+Jy._[nNJ>S\ȜHqaN@B0-?FUy "\ ̽p'֯eybAzI[F4YQ =.v:)n7pK|*` nsOkr>u7xvY^][\;Yo%P.#IsgeAC:*k6:5DQ3[ %C?8[@OÙZ#gHX&38W "Z7.@c d߻C!N_Mx uYM45~ɱdL(1 kEF(t#B/I^mɞ3)Dp&lOW[l,)1{;sH.Կsx 0r['neݝ)ga%NAAWd]& A_&|NbhRxXugmn:,Nd=:v&OƂ霰)#,|HTP{Hf@-N-Nk.|ۃcP"6G4 (MP"qm$!1qpS$I!+Pkk8h=*s&zu Th4OS뚈1e%[^"mzG-Ŝz LJ @Bo)%&Tum;BI<jTL,sD?>K:!;31Q1jkI/?H3軱Wx&%}YQ v.ykH#eUI;.~n' ]*$Cb9G8]! MAE3`A]|eD$u@Ч ;؅ϨfSC>Xfc.Lc0ŬBCh=)O?G[n\<>ciESL/c<9zAn0$ / ixE C2zdz$_Oxª~Saxr=F= dM-IS`ioAs^n02)1 <&`ߟ2"L- Ң?3g)+],by٨3!g0lZqȱ(dyJn^mשfŧ3+owt-(5x2;nGOeg[(|_a[0~Y+JbA,\n2?>Şi3~@ }( oF85`y+@4W-E6<:=܈x~{ͺŀg 3HTx.X?l׉Q#iȅ+` jD]YtA]x OgWPэX-f1!Dv88)ҡCCĚR!´#T 1L(_r,RY7Wv!{ZyƋ|E>WNENE<<*IDy)V@ O{ |>":xqeaW@T,7_;+cA <]E!$ghvV;~v?;w a% ѨT\tkOz,Y~K['?\>]hI:v' AHcZvC"^ֳ;L~s Whc<+xL k ED;idMn+:cQEae=JV01{6JܖmJHQN9KIk^iLNƇڱ wm<lx61ͽT+