Attack Surface Analyzer

The Attack Surface Analyzer application is similar to the same tool used by Microsofts internal product teams to catalogue changes made to the operating system by the installation of new software.
Attack Surface Analyzer takes a snapshot of your system state before and after the installation of product(s) and displays the changes to a number of key elements of the Windows attack surface.
This allows:
- Developers to view changes in the attack surface resulting from the introduction of their code on to the Windows platform
- IT Professionals to assess the aggregate Attack Surface change by the installation of an organizations line of business applications
- IT Security Auditors evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
- IT Security Incident Responders to gain a better understanding of the state of a systems security during investigations (if a baseline scan was taken of the system during the deployment phase)
Attack Surface Analyzer scans the system to identify potential security issues.  To isolate the results to those specific to your product, it should be scan the system at least twice:
- The first scan, called the baseline, should be run on a clean system without your product installed, but with external dependencies such as SQL Server already installed.
- The following scan, called the product scan, should be run after installing your product to the system.
Each scan will generate a .CAB file that can be analyzed to generate a report identifying potential issues.  Pairs of scans, made up of a .CAB file generated before a product installation and a .CAB file generated after, can be analyzed to determine issues present on the system and changes to the systems attack surface resulting from the installation. Generating new .CAB pairs while enabling and disabling different product features may allow you to better isolate the source of identified issues.System requirementsMicrosoft .Net Framework 4