Microsoft has released Attack Surface Analyzer 1.0 which determines the security of an application by examining how it affects the computer it is installed on.
The tools was originally released on January 2011 during the Blackhat DC security conference as Beta version.
According to the press release, the new release includes performance enhancements and bug fixes to improve the user experience. Through improvements in the code, Microsoft reduces the number of false positives and improve Graphic User Interface performance. This release also includes in-depth documentation and guidance to improve ease of use.
“The Attack Surface Analyzer tool is designed to assist independent software vendors (ISVs) and other software developers during the verification phase of the Microsoft Security Development Lifecycle (SDL) as they evaluate the changes their software makes to the attack surface of a computer. ” Microsoft explains.
“Because Attack Surface Analyzer does not require source code or symbol access, IT professionals and security auditors can also use the tool to gain a better understanding of the aggregate attack surface change that may result from the introduction of line-of-business (LOB) applications to the Windows platform. “