[Cisspstudy] exploitable Crash Analyzer - Open Source Security Tool from Microsoft
Prakash
prakash2757 at yahoo.com
Fri Sep 11 11:47:20 EDT 2009
Microsoft released an open-source program designed to streamline the labor-intensive process of identifying security vulnerabilities in software while it’s still under development.
It provides automated crash analysis and security risk assessment. This tool was created by the Microsoft Security Engineering Center (MSEC) Security Science Team. exploitable Crash Analyzer (pronounced “bang exploitable crash analyzer”) combs through bugs that cause a program to seize up, and assesses the likelihood of them being exploited by attackers. It’s a Windows debugger extension that’s used during fuzz testing, when testers test the stability and security of an application by throwing unexpected data at it.
The tool creates hashes to ensure each crash is unique then rates them according to how exploitable it is - Exploitable, Probably Exploitable, Probably Not Exploitable or Unknown.
Download !exploitable Crash Analyzer
http://msecdbg.codeplex.com/Release/ProjectReleases.aspx?ReleaseId=28935
- Prakash
http://www.linkedin.com/in/prakashp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090911/2bf8090a/attachment.html>
More information about the cisspstudy
mailing list