Microsoft updates free security tools
Microsoft improves its free three Security Development Lifecycle (SDL) tools – Threat Modeling, and RegExFuzz MiniFuzz.
The threat modeling tool used in the SDL design phase to find security problems before they begin coding. Through beta testing was obtained valuable information about changes that could be done to improve the tool. This version focuses on the stabilization of the Visio 2010 and Team Foundation Server (TFS) 2010 for support provided as part of the beta, and bug fixes that were discovered.
MiniFuzz Tool 1.5.5
The tool provides basic file fuzzing MinFuzz capabilities that can be implemented by developers, testers and even those with limited experience with fuzz testing as part of the verification phase of SDL. The new version of the tool includes support for Team Foundation Server (TFS) 2010, stability bugs fixed and made it easier to control off target application.
The tool provides capabilities RegExFuzz fuzzing regular expression that can be applied during the SDL verification phase to verify that the scheduled assessment times are not exponential expression. Regular expressions with long evaluation times can lead to DoS attacks. The new version focuses on correcting errors in the field requested use of the tool.