Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
Today we are excited to announce that some enhancements have been made to three of our free Security Development Lifecycle (SDL) tools - Threat Modeling, MiniFuzz, and RegExFuzz.
As many of you know, tools can be an invaluable asset when it comes to implementing a Security Development Lifecycle process in any organization. Over the years, Microsoft has made many of its security development tools available for free here. We hope these new enhancements will provide greater flexibility and enable you to effectively implement an SDL process in your organization.
Threat Modeling Tool v3.1.8
The Threat Modeling Tool is used in the SDL Design Phase to find security problems before coding begins. Through beta testing we obtained valuable input on what changes could be made to improve the tool. In this new version, we focused on stabilization of the Visio 2010 and Team Foundation Server (TFS) 2010 support that was provided as part of the beta release, and fixed bugs that were discovered.
Thank you to all of our beta testers who reported issues in the forum as well as through the select beta program. Your input was critical to improving the tool and customer experience.
> Learn more or download the tool
MiniFuzz Tool v1.5.5
The MinFuzz Tool provides basic file fuzzing capabilities that can be applied by developers, testers and even those with limited experience with fuzz testing as part of the SDL Verification phase. In this new version of the tool, we have included support for Team Foundation Server (TFS) 2010, fixed stability bugs and made it easier to control target application shutdown.
RegExFuzz Tool v1.1.0
The RegExFuzz Tool provides regular expression fuzzing capabilities that can be applied during the SDL Verification phase to check that regular expression evaluation times are not exponential. Regular expressions with very long evaluation times can lead to DoS attacks. In this new version, we focused on bug fixes requested from field use of the tool. A readme document has been added to the download which documents the fixes, remaining known issues, and planned future enhancements.
As the threat landscape continues to evolve, we remain committed to freely sharing our secure engineering best practices and security tools with the broader community. We hope you find our tools useful and, as always, we welcome any comments or feedback you may have.
Monty LaRue [SDL Team]
When will we see an update to CAT.NET????
We have just started planning for the next CAT.NET release so I don't have a specific date. It will likely be sometime in 2012. Are there specific fixes or features you would like to to see in the update?
Expand the ability to create custom rules, especially related to custom sources and sinks. Give users the ability to map interfaces to implementations to help the engine in data and control flow analysis. Compatibility with x64 of course. I would definitely like to help out beta testing if needed.
would you like to make sdl tools support other bug tracking system than MS Team Foundation server,such as bugzilla and JIRA.
Thank you very much!
What is this: (D:\Windows\winsxs\x86_winpe-smi-schema_31bf3856ad364e35_6.0.6000.16386_none_7eec3310ba635f22\)?
magnifico programa muy importante para nosotros gracias por educarnos y enseñar el manejo del programa
I like thid upsate..!!! Thanks... )roco)
After a long period of implementing programs on our systems, as well as the formation of a network environment significantly large and complex, come at an opportune moment with the new tools and their features, with this, let me explore when these formidable resources. I thank you all for the fantastic presentations.
Any plans to release an updated version of the Minifuzzer?
Looking for commandline driven and stop after X hours.
peço para o desbloqueio do meu facebook