Peaches Posted September 18, 2009 Report Share Posted September 18, 2009 Free Microsoft tools for detecting security problems "Two tools, BinScope and MiniFuzz, for detecting security holes in applications are now available to developers – free from Microsoft. The [binScope Binary Analyzer checks binary code to establish whether all the recommended and required security flags (/GS, /SafeSEH and more), protective mechanisms (for example /DYNAMICBASE for ALSR) and controls have been included, or activated, in a program. While with the MiniFuzz File Fuzzer developers can test their applications for unexpected behaviour and establish early in the development cycle whether problems like program crashes need to be investigated for potential security risks. The basic fuzzing principles are explained in a feature article titled "Data salad" in The H Security.Microsoft has used both tools within its Security Development Lifecycle for quite some time. For instance, BinScope analysis and MinuFuzz fuzzer testing is mandatory during the SDL product verification phase. The tools are available as stand-alone applications or they can be integrated into Visual Studio 2008. Microsoft has released short video demos of BinScope and on its TechNet pages.More information at Heise security - http://www.h-online.com/security/Free-Micr...s--/news/114264 Quote Link to post Share on other sites
Allenwood Posted July 11 Report Share Posted July 11 Microsoft has used both tools within its Security Development Lifecycle for quite some time. For instance, BinScope analysis and MinuFuzz fuzzer testing is mandatory during the SDL product verification phase. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.