[OWASP-Bangalore] exploitable Crash Analyzer - Open Source Security Tool from Microsoft

PraKash prakash2757 at gmail.com
Fri Sep 11 11:42:57 EDT 2009


Microsoft released an open-source program designed to streamline the
labor-intensive process of identifying security vulnerabilities in software
while it’s still under development.


It provides automated crash analysis and security risk assessment. This tool
was created by the Microsoft Security Engineering Center (MSEC) Security
Science Team. exploitable Crash Analyzer (pronounced “bang exploitable crash
analyzer”) combs through bugs that cause a program to seize up, and assesses
the likelihood of them being exploited by attackers. It’s a Windows debugger
extension that’s used during fuzz testing, when testers test the stability
and security of an application by throwing unexpected data at it.



The tool creates hashes to ensure each crash is unique then rates them
according to how exploitable it is - Exploitable, Probably Exploitable,
Probably Not Exploitable or Unknown.


Download !exploitable Crash Analyzer
http://msecdbg.codeplex.com/Release/ProjectReleases.aspx?ReleaseId=28935



- Prakash


<http://www.linkedin.com/in/prakashp>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-bangalore/attachments/20090911/9ce1cacb/attachment.html 


More information about the OWASP-Bangalore mailing list