Microsoft Application Inspector is a software source code characterization tool that helps identify coding features of first- or third-party software components based on well-known library/API calls. It is helpful in both security and non-security use cases. It uses hundreds of rules and regex patterns to surface interesting characteristics of source code, which aids in determining what the software is or what it does: the file operations it uses, encryption, shell operations, cloud APIs, frameworks and more. It has received industry attention as a new and valuable contribution to OSS on ZDNet, SecurityWeek, CSOOnline, Linux.com/news, HelpNetSecurity, Twitter and more, and was first featured on Microsoft.com. Application Inspector is different from traditional static analysis tools in that it doesn't attempt to identify "good" or "bad" patterns; it simply reports what it finds against a set of over 400 rule patterns for feature detection, including features that impact security.
Features
- The tool supports scanning various programming languages including C, C++, C#, Java, JavaScript, HTML, etc.
- It supports generating results in HTML, JSON and text output formats
- Microsoft Application Inspector helps you in securing your applications from start to deployment
- Enables you to choose which components meet your needs with a smaller footprint of unnecessary or unknown features
- Detects changes between component versions, which can be critical for detecting injection of backdoors
- Use it to identify components with features that require additional security scrutiny, approval or SDL compliance
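
A minimal sketch of the two ideas described above: regex rules that tag what code does without judging it, and a diff of those tags between two versions of a component. This is an added example, not Application Inspector's code or rule set; the tag names, patterns and the two-version sample package are constructed for illustration.

```python
import re

# Hypothetical rules: tag names and patterns are made up for this example
# and are not taken from Application Inspector's rule set.
RULES = [
    ("Cryptography.Hash", re.compile(r"\bhashlib\.\w+\(|\bcrypto\.createHash\(")),
    ("OS.Process.Shell", re.compile(r"\bchild_process\b|\bos\.system\(|\bsubprocess\.\w+\(")),
    ("Network.Outbound.HTTP", re.compile(r"\bhttps?\.request\(|\brequests\.(get|post)\(|\bfetch\(")),
    ("FileOperation.Write", re.compile(r"\bfs\.writeFile(Sync)?\(")),
]

def characterize(files):
    """Map each matched tag to the (path, line number) locations where it was seen.

    `files` is {path: source text}. Nothing is rated good or bad; the result
    only states which features are present and where.
    """
    found = {}
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            for tag, pattern in RULES:
                if pattern.search(line):
                    found.setdefault(tag, []).append((path, line_no))
    return found

def tag_diff(old_files, new_files):
    """Return the tags that appear only in the new version or only in the old one."""
    old_tags, new_tags = set(characterize(old_files)), set(characterize(new_files))
    return {"added": sorted(new_tags - old_tags), "removed": sorted(old_tags - new_tags)}

# Constructed sample: two versions of a made-up hashing helper package.
V1 = {
    "index.js": "const crypto = require('crypto');\n"
                "module.exports = s => crypto.createHash('sha256').update(s).digest('hex');\n",
}
V2 = {
    "index.js": V1["index.js"],
    "postinstall.js": "const cp = require('child_process');\n"
                      "const https = require('https');\n"
                      "https.request('https://example.invalid/ping').end();\n",
}

if __name__ == "__main__":
    print(tag_diff(V1, V2))
    for tag, hits in characterize(V2).items():
        print(tag, hits)
```

A hashing helper that gains process and network tags between releases is the kind of change that warrants a manual look at the listed file and line locations.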