BinScope Binary Analyzer
Microsoft and Independent Software Vendors (ISVs) offer a wide selection of free tools, some come with a specific purpose and with no commercial aspects while, others are offered as a teaser to a paid version. However, a good tool whether it’s free or not can save the day of an IT Professional and it is my goal to share with you valuable tools as I am accustomed to do in the section titled Utilities on this blog. A free security-related tool designed by Microsoft to help IT professionals audit the security of applications is called BinScope Binary Analyzer.
In fact, BinScope Binary Analyzer can be helpful for both developers and IT professionals that are auditing the security of applications that they are developing or deploying/managing. The Director of Product Management in Microsoft’s Trustworthy Computing group, Tim Rains says “I have often said that as long as humans write code, mistakes will be made. Some of those mistakes will lead to security vulnerabilities, and some of those vulnerabilities will be potentially exploitable”.
In an article series Tim explains the scenario where the BinScope Binary Analyzer becomes handy – it is a security tool that analyses binaries to determine if they are leveraging specific security mitigations. BinScope can been used by teams of developers and testers at any organization in the Verification Phase of the Security Development Lifecycle (SDL) to ensure that they have built their code using the compiler/linker protections required by the Microsoft SDL. Whether or not you or your organization uses the SDL, you can likely still benefit from the functionality of this tool.
Read more about BinScope Binary Analyzer here – http://blogs.technet.com/b/security/archive/2012/08/15/microsoft-s-free-security-tools-binscope-binary-analyzer.aspx