Nezir Zahirović

Free security tools that Microsoft provides to help make IT professionals' and developers' lives easier.

Very good and useful list of "Microsoft's Free Security Tools."

Anti-Cross Site Scripting Library

The Microsoft Anti-Cross Site Scripting Library V4.2.1 (AntiXSS V4.2.1) is an encoding library designed to help developers protect their ASP.NET web-based applications from XSS attacks. It differs from most encoding libraries in that it uses the white-listing technique -- sometimes referred to as the principle of inclusions -- to provide protection against XSS attacks. This approach works by first defining a valid or allowable set of characters and then encoding anything outside this set (invalid characters or potential attacks). The white-listing approach provides several advantages over other encoding schemes.



Attack Surface Analyzer

Attack Surface Analyzer can help software developers and Independent Software Vendors (ISVs) understand the changes in Windows systems' attack surface resulting from the installation of the applications they develop. It can also help IT professionals, who are responsible for managing the deployment of applications or the security of desktops and servers, understand how the attack surface of Windows systems changes as a result of installing software on the systems they manage.




The banned.h header file is a sanitizing resource designed to help developers avoid using banned functions, and to identify and remove them from code where they may lead to vulnerabilities. Banned functions are calls that have been deemed dangerous because they make it relatively easy to introduce vulnerabilities into code during development.



BinScope Binary Analyzer

The BinScope Binary Analyzer tool can be helpful for both developers and IT professionals that are auditing the security of applications that they are developing or deploying / managing. Auditing the software deployed in an environment and determining if it is making use of security mitigations can help risk managers make more meaningful assessments.   



Enhanced Mitigation Experience Toolkit (EMET)

EMET is a free toolkit that helps prevent vulnerabilities in software from being successfully exploited for code execution. It does so by allowing developers to enable some of the latest mitigation technologies already built into Windows. The result is that a wide variety of software is made significantly more resistant to exploitation – even against zero-day vulnerabilities and vulnerabilities for which an update has not yet been applied.



Microsoft Baseline Security Analyzer

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for IT professionals that helps small and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. It is a standalone security and vulnerability scanner designed to provide a streamlined method for identifying common security misconfigurations and missing security updates.



Microsoft Safety Scanner

The Microsoft Safety Scanner is a free stand-alone virus scanner that is used to remove malware or potentially unwanted software from a system. The tool is easy to use and packaged with the latest signatures, updated multiple times daily. The application is not designed to replace your existing antimalware software, but rather to act as an on-demand virus removal tool in situations where you suspect your real-time antimalware software might not be working correctly.



Microsoft Security Compliance Manager

Microsoft's Security Compliance Manager (SCM) enables organizations to centrally plan, view, update, and export thousands of Group Policy settings for Microsoft client and server operating systems and applications.   It makes it easier for organizations to plan, implement, and monitor security compliance baselines in their Active Directory infrastructure.  With SCM, IT Professionals can obtain baseline policies based on security best practices, customize them to the particular needs of their organization and export them to a number of formats for use in different scenarios.




Portqry is a TCP/IP connectivity test tool, port scanner, and local port monitor. Portqry is designed to help IT Professionals troubleshoot networking issues as well as verify network security related configurations. Portqry is a great lightweight port scanner regardless of what version of Windows you are running.



Threat Modeling Tool

The SDL Threat Modeling Tool helps engineers analyze the security of their systems to find and address design issues early in the software lifecycle. To help make threat modeling a little easier, Microsoft offers a free SDL Threat Modeling Tool that enables non-security subject matter experts to create and analyze threat models by communicating about the security design of their systems, analyzing those designs for potential security issues using a proven methodology, and suggesting and managing mitigations for security issues.



URLScan Security Tool

URLScan is a security tool that restricts the types of HTTP requests that IIS will process. URLScan scans incoming URL requests and associated data. It uses a series of rules to determine whether the information in each request is potentially dangerous, or contains information not normally expected. To help you diagnose any potential problems and any attempts to upset your server, URLScan can also log requests—including the offending request data. By blocking specific HTTP requests, the URLScan security tool helps to prevent potentially harmful requests from reaching applications on the server.



Windows Defender Offline

Windows Defender Offline is a standalone software application that is designed to help detect malicious and other potentially unwanted software, including rootkits that try to install themselves on a PC.  Windows Defender Offline works by scanning an operating system to check the authenticity of any communication the operating system has with the Internet. If there is an application deemed unsafe, it will alert the user and block the contents of the application until the user either accepts or denies the risk. 


