SDL lifecycle tools
Microsoft offers a set of Security Development Lifecycle (SDL) tools. The tool set includes great products such as FxCop. The SDL Threat Modeling Tool allows non-security specialists to enter already known information, including business requirements and application architecture; the tool then produces a threat model. There is also an SDL process template for integrating SDL into VSTS. The tool set also includes an Anti-XSS .NET library.
Other highlights include:
MiniFuzz creates multiple random variations of file content and feeds them to the application to exercise the code, in an attempt to trigger unexpected application behavior and so expose security vulnerabilities.
The BinScope Binary Analyzer is a tool that analyzes binaries to ensure that they have been built in compliance with requirements and recommendations. BinScope also reports on dangerous constructs that are prohibited or discouraged by the SDL.
CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attacks such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection.
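The random-variation approach described for MiniFuzz, shown against your own parsing code, as an added example that is not Microsoft's code and not from the original post. It assumes an in-process target instead of a file handed to an application; `parse_record`, its `REC1` format and its deliberate bug are constructed for the demonstration.

```python
import random
import struct

def parse_record(data: bytes) -> bytes:
    """Constructed toy parser: 'REC1' magic, 2-byte length, payload, 1-byte checksum."""
    if len(data) < 6 or data[:4] != b"REC1":
        raise ValueError("bad header")        # clean, expected rejection
    (length,) = struct.unpack(">H", data[4:6])
    payload = data[6:6 + length]
    checksum = data[6 + length]               # deliberate bug: length field is trusted
    if sum(payload) % 256 != checksum:
        raise ValueError("bad checksum")
    return payload

def make_seed(payload: bytes = b"hello") -> bytes:
    """Build one valid file to use as the starting point for mutation."""
    return b"REC1" + struct.pack(">H", len(payload)) + payload + bytes([sum(payload) % 256])

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply 1-4 random byte-level edits to a copy of the seed."""
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        op = rng.choice(("flip", "set", "insert", "delete"))
        pos = rng.randrange(len(buf)) if buf else 0
        if op == "flip" and buf:
            buf[pos] ^= 1 << rng.randrange(8)
        elif op == "set" and buf:
            buf[pos] = rng.randrange(256)
        elif op == "insert":
            buf.insert(pos, rng.randrange(256))
        elif op == "delete" and buf:
            del buf[pos]
    return bytes(buf)

def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 1) -> dict:
    """Feed mutated inputs to target; keep one reproducer per unexpected exception type."""
    rng = random.Random(rng_seed)             # fixed seed so every finding is reproducible
    findings = {}
    for _ in range(iterations):
        sample = mutate(seed, rng)
        try:
            target(sample)
        except ValueError:
            continue                          # parser rejected the input as designed
        except Exception as exc:              # anything else is a robustness defect
            findings.setdefault(type(exc).__name__, sample)
    return findings

if __name__ == "__main__":
    for name, sample in fuzz(parse_record, make_seed()).items():
        print(f"{name}: reproducer {sample.hex()}")
```

The finding disappears once `parse_record` checks that `6 + length` is within the input before indexing; rerunning with the same `rng_seed` confirms the fix against the same inputs.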
b.