Security Innovation Attack Surface Explorer

Attack Surface Explorer (ASE) is a security utility from Security Innovation designed to help you explore and analyze the attack surface of your application by detecting and listing its potential attack vectors. For instance, ASE can check your application for potentially unsafe files that it reads from, registry keys that it accesses, DLLs and libraries that it depends upon, pipes that it opens to communicate with other processes, and sockets that it opens to communicate over the network. ASE recognizes that any channel you open to take input can be used against you! ASE also checks for the usage of known dangerous APIs.
- Aditya Kakrania, Rahul Chaturvedi

Scenarios

Our vision for the Attack Surface Explorer includes the following scenarios:
  • Understand application attack surface by monitoring:
    • Insecurely called APIs
    • Usage of Banned APIs
    • Insecure channels of communication (via network protocols or pipes)
    • Use of excessive privileges
    • Registry and File input that could be used to attack your application
  • Provide warnings for violations of security best practices that could be fixed to reduce your attack surface
  • Provide guidance on security best practices so you understand how to best reduce your attack surface
  • Plugin architecture for custom analysis of identified risks
Our initial releases will not support all scenarios. See our Future Release Schedule for more details.

Releases

  • Download Attack Surface Explorer .1 Beta

What's New

  • 11/25/2008 - <<>>

Attack Surface Explained

Attack Surface is a measurement that can help you understand the risk involved in deploying your application in a hostile environment. Even after your best efforts it is likely that your application has vulnerabilities. Attack Surface allows you to visualize the vectors by which you may be attacked. If you reduce your attack surface you can reduce the risk of an attacker discovering and exploiting a latent vulnerability in your application.

Attack Surface exploration is an activity prescribed by the Microsoft Secure Development Lifecycle (SDL), the industry-leading software security assurance process created by Microsoft in 2004.
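
The inventory described above (files, registry keys, libraries, pipes, sockets and banned APIs) can be sketched as follows. This is an added example, not ASE's code: the event names, the DemoApp paths, the import list and all function names are constructed for illustration, and BANNED_APIS is only a small subset of the SDL banned list.

```python
from collections import defaultdict

# Constructed sample data: (operation, target) events for a hypothetical DemoApp.
EVENTS = [
    ("ReadFile", r"C:\ProgramData\DemoApp\settings.ini"),
    ("ReadFile", r"C:\ProgramData\DemoApp\settings.ini"),
    ("WriteFile", r"C:\Users\demo\AppData\Local\DemoApp\log.txt"),
    ("RegQueryValue", r"HKCU\Software\DemoApp\UpdateUrl"),
    ("LoadImage", r"C:\Program Files\DemoApp\plugins\codec.dll"),
    ("CreateFile", r"\\.\pipe\demoapp_ipc"),
    ("TcpListen", "0.0.0.0:8731"),
    ("TcpListen", "127.0.0.1:9000"),
]
IMPORTS = ["CreateFileW", "strcpy", "recv", "sprintf", "RegOpenKeyExW"]  # constructed
# A few functions from the Microsoft SDL banned list, not the full list.
BANNED_APIS = {"strcpy", "strcat", "sprintf", "gets"}

def classify(operation, target):
    """Return the attack-surface category of one event, or None if it takes no input."""
    op, tgt = operation.lower(), target.lower()
    if tgt.startswith("\\\\.\\pipe\\"):
        return "pipe"
    if op.startswith(("tcp", "udp")):
        return "socket"
    if op == "loadimage":
        return "library"
    if op.startswith("regquery"):
        return "registry"
    if op == "readfile":
        return "file"
    return None  # e.g. writes: output, not an input channel

def build_inventory(events, imports):
    """Group unique input channels by category and list banned imports."""
    found = defaultdict(set)
    for operation, target in events:
        category = classify(operation, target)
        if category:
            found[category].add(target)
    found["banned_api"].update(name for name in imports if name in BANNED_APIS)
    return {category: sorted(items) for category, items in found.items() if items}

def best_practice_warnings(inventory):
    """Flag banned API usage and sockets reachable from other machines."""
    notes = [f"banned API imported: {name}" for name in inventory.get("banned_api", [])]
    notes += [f"socket listens on all interfaces: {s}"
              for s in inventory.get("socket", []) if s.startswith("0.0.0.0:")]
    return notes

if __name__ == "__main__":
    inv = build_inventory(EVENTS, IMPORTS)
    print(inv, best_practice_warnings(inv))
```

Each entry in the resulting inventory is an input channel to review: who can write to that file or key, who can connect to that pipe or port, and whether the channel needs to exist at all.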

Mockups

For more mockup images, see the Mockups Page
File Context Menu.jpg
This screenshot shows some of the resources such as registry keys, files and pipes that were accessed by the test application

More Information

Contact

If you have a question, please use the discussions tab to ask it. If you have a bug or feature request, please add it to the issue tracker. We will monitor the discussions on this site and we'll review all issues submitted to the issue tracker.
Last edited Jan 3 2009 at 11:18 AM by adityakakrania, version 36