Tuesday, November 10, 2009

Microsoft MiniFuzzer

Microsoft SDL team releases two security verification tools as FREE DOWNLOADS
BinScope Binary Analyzer integrates directly into the Visual Studio 2008 IDE. MiniFuzz File Fuzzer is a Visual Studio 2008 add-in. Both tools provide easy integration with TFS 2008 and the SDL Process Template for VSTS 2008! Both of them are available here.
MiniFuzzer File Fuzzer.
MiniFuzz is a basic testing tool designed to help detect code flaws that may expose security vulnerabilities in file-handling code. This tool creates multiple random variations of file content and feeds it to the application to exercise the code in an attempt to expose unexpected application behaviors.

Because fuzzing is effective at finding bugs, it is a required activity in the Verification Phase of the Microsoft Security Development Lifecycle (SDL). With the release of MiniFuzz, we have made a simple file fuzzer available to assist developer efforts to find and address more bugs in code before it ships to customers.
BinScope Binary Analyzer.
The BinScope Binary Analyzer is a Microsoft verification tool that analyzes binaries to ensure that they have been built in compliance with Microsoft’s Security Development Lifecycle (SDL) requirements and recommendations. BinScope checks that SDL-required compiler/linker flags are being set, strong-named assemblies are in use, and up-to-date build tools are in place.

BinScope also reports on dangerous constructs that are prohibited or discouraged by the SDL (e.g. read/write shared sections and global function pointers). For a more detailed enumeration of the checks performed by BinScope, please see the BinScope documentation. BinScope is available in two forms: as a standalone executable and as a Visual Studio add-on.

UPGRADE: Here a First impression. Take a look.

1 comment:

site said...

This won't really have success, I believe this way.