Microsoft introduces Attack Surface Analyser


Microsoft has launched a testing tool for developers to figure out the security implications of their apps.

The Attack Surface Analyser has been launched in beta form at the Blackhat DC event taking place this week.

It is designed to help developers "identify increases in the attack surface caused by installing applications on a machine," Microsoft explained in a Secure Development Lifecycle blog post.

"The tool takes snapshots of an organisation's system and compares these to identify changes," the company said.

"Some of the checks performed by the tool include analysis of changed or newly added files, registry keys, services, ActiveX Controls, listening ports, access control lists and other parameters that affect a computer's attack surface."

The tool searches for classes of security weaknesses as applications are installed on to a Windows OS.

"The tool also gives an overview of the changes to the system Microsoft considers important to the security of the platform and highlights these in the attack surface report," the Redmond giant said.

Developers will be pleased to hear Microsoft has made the technology available from now for free.

There has been plenty of debate around app security this week.

Facebook decided to rethink a feature designed to grant developers access to user phone numbers and addresses.

The social network said it wanted to ensure users were only giving away data they wanted.

Sophos suggested Facebook should adopt the "walled garden" approach Apple uses when it comes to allowing apps.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.