Free Microsoft Tools For Detecting Security Problems

Recommended Posts

Free Microsoft tools for detecting security problems

"Two tools, BinScope and MiniFuzz, for detecting security holes in applications are now available to developers – free from Microsoft. The [binScope Binary Analyzer checks binary code to establish whether all the recommended and required security flags (/GS, /SafeSEH and more), protective mechanisms (for example /DYNAMICBASE for ALSR) and controls have been included, or activated, in a program. While with the MiniFuzz File Fuzzer developers can test their applications for unexpected behaviour and establish early in the development cycle whether problems like program crashes need to be investigated for potential security risks. The basic fuzzing principles are explained in a feature article titled "Data salad" in The H Security.

Microsoft has used both tools within its Security Development Lifecycle for quite some time. For instance, BinScope analysis and MinuFuzz fuzzer testing is mandatory during the SDL product verification phase. The tools are available as stand-alone applications or they can be integrated into Visual Studio 2008. Microsoft has released short video demos of BinScope and on its TechNet pages.

More information at Heise security -

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.