Microsoft updates security tools
Microsoft has updated the Threat Modeling Tool, MiniFuzz and RegExFuzz components of its Security Development Lifecycle (SDL) toolkit. The updates promise greater flexibility and should make it easier for companies to implement an SDL process.
The Threat Modeling Tool aims to find potential vulnerabilities in an application even before coding has begun. The new version 3.1.8 is more stable when used with Visio 2010 and Team Foundation Server 2010.
MiniFuzz 1.5.5 is a testing tool which is able to detect problems with file-handling code. In addition to bug fixes, operation with TFS 2010 has also been revised.
RegExFuzz 1.1.0 is able to detect potential denial of service vulnerabilities in regular expressions (it tests whether evaluation times could increase exponentially – an indicator of such a vulnerability). The new version also remedies a number of bugs.
See also:
- Microsoft's Security Development Lifecycle under Creative Commons License, a 2010 report from The H.
- SDL for dummies, a 2010 report from The H.
(crve)