Microsoft Attack Surface Analyzer, Validate Apps Before Release, Deployment

Martin Brinkmann
Jan 20, 2011
Updated • Mar 25, 2012
Software, Windows, Windows software

Microsoft has released a free tool for 32-bit and 64-bit editions of Windows that the company had, for some time, used only internally. The Attack Surface Analyzer assists "both testers and IT Pros in assessing the security of an application". It does so by highlighting "the changes in system state, runtime parameters and securable objects on the Windows operating system" after the installation of new programs.

The tool takes two snapshots of the system, one before the installation and one after the installation. It compares the two snapshots to identify the changes. It looks in particular for "classes of security weaknesses as applications are installed on the Windows operating system".

In addition, Microsoft Attack Surface Analyzer "gives an overview of the changes to the system Microsoft considers important to the security of the platform and highlights these in the attack surface report".

This allows:

  • Developers to view changes in the attack surface resulting from the introduction of their code on to the Windows platform
  • IT Professionals to assess the aggregate Attack Surface change by the installation of an organization's line of business applications
  • IT Security Auditors to evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
  • IT Security Incident Responders to gain a better understanding of the state of a system's security during investigations (if a baseline scan was taken of the system during the deployment phase)
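
The before/after snapshot comparison described above can be sketched in a few lines. This is an added example, not code from Microsoft or from the tool; the snapshot layout, the `ExampleApp` names and the three review rules are assumptions chosen for illustration.

```python
# Added illustration. The snapshot layout and the three rules are assumptions,
# not Attack Surface Analyzer's data model or its actual checks.
BROAD = {"Everyone", "Authenticated Users", "BUILTIN\\Users"}
APP = r"C:\Program Files\ExampleApp\svc.exe"  # hypothetical installed binary
# Constructed snapshots: category -> {object name: properties}
BASELINE = {
    "services": {"Spooler": {"account": "LocalSystem",
                             "path": r"C:\Windows\System32\spoolsv.exe"}},
    "files": {r"C:\Windows\System32\spoolsv.exe": {"writers": ["SYSTEM"]}},
    "ports": {"TCP/445": {"process": "System"}},
}
AFTER = {
    "services": {**BASELINE["services"],
                 "ExampleAppSvc": {"account": "LocalSystem", "path": APP}},
    "files": {**BASELINE["files"], APP: {"writers": ["SYSTEM", "Everyone"]}},
    "ports": {**BASELINE["ports"], "TCP/8731": {"process": "svc.exe"}},
}

def diff_snapshots(before, after):
    """List (kind, category, name, properties) for every object that differs."""
    changes = []
    for cat in sorted(set(before) | set(after)):
        old, new = before.get(cat, {}), after.get(cat, {})
        for name in sorted(set(old) | set(new)):
            if name not in old:
                changes.append(("added", cat, name, new[name]))
            elif name not in new:
                changes.append(("removed", cat, name, old[name]))
            elif old[name] != new[name]:
                changes.append(("changed", cat, name, new[name]))
    return changes

def review(changes, after):
    """Turn raw changes into the findings a reviewer would look at first."""
    findings = []
    for kind, cat, name, props in changes:
        if kind == "removed":
            continue  # removals are out of scope for this sketch
        if cat == "ports":
            findings.append(f"{kind} listener {name} ({props['process']})")
        elif cat == "files" and BROAD & set(props["writers"]):
            findings.append(f"{name} is writable by a broad group")
        elif cat == "services" and props["account"] == "LocalSystem":
            # Cross-check the service binary's ACL in the post-install snapshot.
            acl = after["files"].get(props["path"], {}).get("writers", [])
            risk = "binary broadly writable" if BROAD & set(acl) else "binary ACL ok"
            findings.append(f"service {name} runs as LocalSystem, {risk}")
    return findings

if __name__ == "__main__":
    print("\n".join(review(diff_snapshots(BASELINE, AFTER), AFTER)))
```

The cross-check in `review` shows why a diff alone is not enough: a new service is only flagged as risky once its binary's permissions are read from the same post-install snapshot.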

The program stores the report in a cab file. The start page offers to run a new scan or to generate a report by comparing a previous scan with a new scan.


Each scan performs several tasks, like enumerating files, handles or services. Some operations may take a while or show up as pending if they have not been started by the application.

The report is launched in the default web browser; a short explanation is available as well.


Attack Surface Analyzer is available as a 32-bit and 64-bit application at Please note that the application has been released as beta. Reports can be generated on Windows Vista, Windows 7 and Windows Server 2008 R1 and R2. The analysis of the data and report generation requires the Microsoft .NET Framework 3.5 in addition.

