All the latest UK technology news, reviews and analysis
|
|
|
17 Sep 2009
Microsoft has released two new tools designed to help developers analyse their code and check for possible vulnerabilities in applications before release.
Both applications are being offered as part of Microsoft's secure development lifecycle programme. Originally designed for use in-house on Microsoft products, the programme has since been expanded into a partner project to help third-party developers create more secure software.
The first of the tools is the BinScope Binary Analyzer, which allows developers to check code at the binary level and root out areas which could be vulnerable.
In doing so, Microsoft hopes that the tool will enable developers to build security protections and follow best practices at the most basic level of coding.
The second tool is the MiniFuzz File Fuzzer, which automates a security process known as 'fuzzing' in which an application is carefully examined and tested for possible memory overflow errors.
Such 'buffer overflow' vulnerabilities are often targeted by malware writers for exploits, and used for remote code execution attacks that can result in the covert installation of malware.
Microsoft said that both tools will be available to developers free of charge through the Security Development Lifecycle Tool Repository site.
Latest stories from Developer
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
Orange and Intel talk us through the ins and outs of their San Diego smartphone
Connect with V3.co.uk
Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them
The importance of understanding your infrastructure
Project Manager - Credit Risk - Finance IT - Investment...
Infrastructure Configuration Manager/Analyst/Data Modeler...
Lead Perl Developer, Apache, SQL, Unix/Linux, Shell Scripting...
**Perl /Java Developer, Web/ JEE application servers...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Will new tools protect you from M$?
How will they help protect from M$'s incompetence or perhaps their backdoors to the NSA & CIA? How does that work? Will the new tools have some safeguard from M$ reverse engineering your software, then replicating it & calling it theirs or the many thousands of patents that stop you from developing the software because even though they haven't developed an idea, some non-specific idea that they haven't got the genius to develop, they can still sue you if you do?
Posted by: Rex Alfred Lee 22 Sep 2009