Attack Surface Analyzer is the same tool used by Microsoft’s internal product teams to catalogue changes made to the operating system by the installation of new software.
The tool takes snapshots of an organization’s system and compares (“diffing”) these to identify changes. The tool does not analyze a system based on signatures or known vulnerabilities; instead, it looks for classes of security weaknesses as applications are installed on the Windows operating system.
- Developers to view changes in the attack surface resulting from the introduction of their code on to the Windows platform
- IT professionals to assess the aggregate Attack Surface change by the installation of an organization’s line of business applications
- IT security auditors evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
- IT security incident responders to gain a better understanding of the state of a systems security during investigations (if a baseline scan was taken of the system during the deployment phase).
The tool supports Windows 7.
Collection of Attack Surface data: Windows 7, Windows Vista, Windows Server 2008 R1 or Windows Server 2008 R2.
Analysis of Attack Surface data and report generation: Windows 7 or Windows Server 2008 R2 with Microsoft .Net 3.5 SP1.