Microsoft is finally doing something proactive for the security of its environments and for the security of all of us: it has released a tool for testing vulnerabilities in software written by developers…

They have released a new, open-source tool to make debugging easier. It gives developers a lot of help during the release phase in building more secure software.

Microsoft on Friday released an open-source program designed to streamline the labor-intensive process of identifying security vulnerabilities in software while it’s still under development.

As its name suggests, !exploitable Crash Analyzer (pronounced “bang exploitable crash analyzer”) combs through bugs that cause a program to seize up, and assesses the likelihood of them being exploited by attackers. Dan Kaminsky, a well-known security expert who also provides consulting services to Microsoft, hailed the release a “game changer” because it provides a reliable way for developers to sort through thousands of bugs to identify the several dozen that pose the greatest risk.

“Microsoft has taken years of difficulties with security vulnerabilities and really condensed that experience down to a repeatable tool that takes a look at a crash and says ‘You better take a look at this,’” Kaminsky told The Reg. “What makes !exploitable so fascinating is that it takes at least the first level of this knowledge and packages it up into something that can be in the workflow.”

The tool creates hashes to make sure each crash is unique. The exploitability rating, that is, how vulnerable the software is, falls into one of: Exploitable, Probably Exploitable, Probably Not Exploitable, or Unknown.

There are versions for both x86 and x64.

You can download the software from the link below:

!exploitable Crash Analyzer – MSEC Debugger Extensions

