In association with heise online

17 September 2009, 15:00

Free Microsoft tools for detecting security problems

Two tools for detecting security holes in applications, BinScope and MiniFuzz, are now available to developers free of charge from Microsoft. The BinScope Binary Analyzer checks binary code to establish whether all the recommended and required security flags (/GS, /SafeSEH and more), protective mechanisms (for example /DYNAMICBASE for ASLR) and controls have been included, or activated, in a program. With the MiniFuzz File Fuzzer, developers can test their applications for unexpected behaviour and establish early in the development cycle whether problems like program crashes need to be investigated for potential security risks. The basic fuzzing principles are explained in a feature article titled "Data salad" in The H Security.
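The kind of header check described above can be sketched as follows; this is an added example, not BinScope's code and not part of the original article. It reads the /DYNAMICBASE and /NXCOMPAT bits and looks for the load configuration directory that /SafeSEH depends on; /GS is not checked here, and the sample headers and function names are constructed for the demonstration.

```python
import struct

# DllCharacteristics bits defined in the PE/COFF specification
DYNAMIC_BASE = 0x0040    # set by /DYNAMICBASE: image opts in to ASLR
NX_COMPAT = 0x0100       # set by /NXCOMPAT: image opts in to DEP
NO_SEH = 0x0400          # image contains no structured exception handlers
LOAD_CONFIG_DIR = 10     # data directory through which the SafeSEH table is found

def audit_pe(data: bytes) -> dict:
    """Read the hardening flags recorded in a PE image's headers."""
    try:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
        if data[:2] != b"MZ" or data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("missing MZ or PE signature")
        (machine,) = struct.unpack_from("<H", data, pe_off + 4)
        opt = pe_off + 24                    # signature (4) + COFF header (20)
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic not in (0x10B, 0x20B):      # PE32 / PE32+
            raise ValueError("unknown optional header magic")
        (flags,) = struct.unpack_from("<H", data, opt + 70)
        dirs = opt + (96 if magic == 0x10B else 112)   # start of data directories
        (count,) = struct.unpack_from("<I", data, dirs - 4)
        entry = dirs + 8 * LOAD_CONFIG_DIR
        rva, size = struct.unpack_from("<II", data, entry) if count > LOAD_CONFIG_DIR else (0, 0)
    except struct.error as exc:
        raise ValueError("truncated PE headers") from exc
    return {"x86": machine == 0x14C, "dynamic_base": bool(flags & DYNAMIC_BASE),
            "nx_compat": bool(flags & NX_COMPAT), "no_seh": bool(flags & NO_SEH),
            "load_config": rva != 0 and size != 0}

def findings(r: dict) -> list:
    out = []
    if not r["dynamic_base"]:
        out.append("no /DYNAMICBASE: image does not opt in to ASLR")
    if not r["nx_compat"]:
        out.append("no /NXCOMPAT: image does not opt in to DEP")
    # /SafeSEH applies to x86 only; its handler table is reached via load config
    if r["x86"] and not r["no_seh"] and not r["load_config"]:
        out.append("no load configuration directory: no /SafeSEH handler table")
    return out

def build_sample(flags: int, load_config: bool) -> bytes:
    """Constructed x86 PE32 headers for the demo (not a loadable program)."""
    opt = bytearray(224)                               # 96 fixed bytes + 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 magic
    struct.pack_into("<H", opt, 70, flags)             # DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)                # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 176, *((0x2000, 0x40) if load_config else (0, 0)))
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, len(opt), 0x0102)
    return b"MZ" + bytes(58) + struct.pack("<I", 64) + b"PE\0\0" + coff + bytes(opt)
```

To audit a real build, pass the bytes of the `.exe` or `.dll` to `audit_pe` and review the list returned by `findings`.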

Microsoft has used both tools within its Security Development Lifecycle (SDL) for quite some time. For instance, BinScope analysis and MiniFuzz fuzzer testing are mandatory during the SDL product verification phase. The tools are available as stand-alone applications or they can be integrated into Visual Studio 2008. Microsoft has released short video demos of BinScope and MiniFuzz on its TechNet pages.

An additional short tutorial (direct .docx download) explains how to integrate the "SDL Process Template for Visual Studio Team System" into Visual Studio, and provides details on how to use it. The SDL Process Template was released last May.

(crve)

Permalink: http://h-online.com/-769168