Microsoft’s Security Development Lifecycle (SDL) team has released two new security tools to help developers test and verify the security of software programs.
The tools — BinScope Binary Analyzer and MiniFuzz File Fuzzer — are available for download at no cost.
The BinScope Binary Analyzer can be used to analyze binaries for a wide variety of security protections with a very straightforward and easy-to-use interface. At Microsoft, developers and testers are required to use this tool in the Verification Phase of the SDL to ensure that they have built their code using the compiler/linker protections required by the Microsoft SDL.
The second tool, called MiniFuzz File Fuzzer, is described as a very simple fuzzer designed to ease adoption of fuzz testing by non-security people who are unfamiliar with file fuzzing tools or have never used them in their software development processes.
Microsoft’s Jeremy Dallman explains the intricacies of the tool releases.