Microsoft Releases Free Security Tools for Application Developers
Microsoft unveils a binary code analysis tool and a fuzzing program designed to help developers design secure applications.Microsoft on Sept. 16 unveiled two new tools to help developers build better security into their applications. The tools are available for download for free, and are designed to help developers extend Microsoft's SDL (Security Development Lifecycle) process into their organizations. The first of the tools is BinScope Binary Analyzer, which examines binaries to see if they are in compliance with SDL requirements. For example, the tool checks that Microsoft SDL-required compiler/linker flags are being set, strong-named assemblies are in use, and up-to-date build tools are in place.
The second program is Microsoft MiniFuzz File Fuzzer. MiniFuzz is designed to help detect code imperfections that may expose security vulnerabilities in file-handling code by creating random variations of file content and feeding it into the application. From there, the program exercises the code in an attempt to expose unexpected application behaviors.