Microsoft has launched a testing tool for developers to figure out the security implications of their apps.
The Attack Surface Analyser has been launched in beta form at the Blackhat DC event taking place in the US this week.
It is designed to help developers “identify increases in the attack surface caused by installing applications on a machine,” Microsoft explained in a Secure Development Lifecycle blog post.
“The tool takes snapshots of an organisation's system and compares … these to identify changes,” the company said.
“Some of the checks performed by the tool include analysis of changed or newly added files, registry keys, services, ActiveX Controls, listening ports, access control lists and other parameters that affect a computer's attack surface.”
The tool searches for classes of security weaknesses as applications are installed on to a Windows OS.
“The tool also gives an overview of the changes to the system Microsoft considers important to the security of the platform and highlights these in the attack surface report,” the Redmond giant said.
Developers will be pleased to hear Microsoft has made the technology available from now for free.
There has been plenty of debate around app security this week.
Facebook decided to rethink a feature designed to grant developers access to user phone numbers and addresses.
The social network said it wanted to ensure users were only giving away data they wanted.
Sophos suggested Facebook should adopt the “walled garden” approach Apple uses when it comes to allowing apps.
This article originally appeared at itpro.co.uk
Copyright © ITPro, Dennis Publishing
Issue: 315 | May 2013
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.
