Secure Coding mailing list archives
Re: New Microsoft Security Tool for developers
From: "Dana Epp" <dana () vulscan com>
Date: Wed, 10 Dec 2003 00:10:01 +0000
Ya, I saw that this morning as well. Funny thing is that if you do a bit of poking around you will find that AppVerifier has actually been around since sometime before 2001. If you check out http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnappcom/html/AppVerifier.asp you will find some good documentation on how to test applications with AppVerifier, written in October of 2001. When I was at the Microsoft Driver DevCon last month I started to spend a great deal of time discussing prefast, and the new static driver verifier that Microsoft has for kernelmode code. As I explored the functionality with some Microsoft employees I realized there are some really good functional and security tests in these tools, and no one knows about them. I don't think Microsoft has done enough to educate the developers buying their tools on just what is actually available to them in the installed software. If anyone else knows more about some of these tools, fess up. I also just recently learned about the .NET code correctness tool called FxCop that does code analysis of managed code assemblies and checks those against Microsoft's Framework Design Guidelines. It even includes some good security based rules to disclose potential issues that should be reviewed in more depth. You can learn more about FxCop over at http://www.gotdotnet.com/team/fxcop/. Anyone else know of some other similar tools? --- Regards, Dana M. Epp [Blog: http://silverstr.ufies.org/blog/] ----- Original Message ----- From: "Tegels, Kent" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, December 09, 2003 11:13 AM Subject: [SC-L] New Microsoft Security Tool for developers
Greetings fellow concerned coders, My blog-watcher just noticed that Microsoft has announced a new tool for analyzing and verifying called AppVerifier. One of their secure coding Gurus, Michael Howard, has also provided a tutorial. More details at the following link: http://msdn.microsoft.com/library/en-us/dncode/html/secure12112003.asp?f rame=true Thanks! kt
Current thread:
- New Microsoft Security Tool for developers Tegels, Kent (Dec 09)
- Message not available
- Re: New Microsoft Security Tool for developers Andreas Saurwein (Dec 09)
- Message not available
- Re: New Microsoft Security Tool for developers Dana Epp (Dec 09)
- Re: New Microsoft Security Tool for developers Liudvikas Bukys (Dec 12)
- Re: New Microsoft Security Tool for developers Avner Peled (Dec 12)
- Re: New Microsoft Security Tool for developers Jeremy Thibeaux (Dec 12)
- Re: New Microsoft Security Tool for developers Steve Litt (Dec 12)
- Re: New Microsoft Security Tool for developers Dana Epp (Dec 12)
- Re: New Microsoft Security Tool for developers Steve Litt (Dec 12)
- Re: New Microsoft Security Tool for developers Jack D. Unrue (Dec 12)
- Re: New Microsoft Security Tool for developers Dana Epp (Dec 13)
- Re: New Microsoft Security Tool for developers Liudvikas Bukys (Dec 12)
- Re: What's wrong with this code? Jared W. Robinson (Dec 12)
- RE: New Microsoft Security Tool for developers David Crocker (Dec 12)