What is Microsoft Security Risk Detection?
Security Risk Detection is Microsoft's unique fuzz testing service for finding security-critical bugs in software. Security Risk Detection helps customers quickly adopt practices and technology battle-tested over the last 15 years at Microsoft.
"Million dollar" bugs
Security Risk Detection uses "Whitebox Fuzzing" technology, which discovered one-third of the "million dollar" security bugs during Windows 7 development.
Battle tested tech
The same state-of-the-art tools and practices honed at Microsoft for the last decade and instrumental in hardening Windows and Office — with the results to prove it.
Scalable fuzz lab in the cloud
One-click, scalable, automated, intelligent security testing lab in the cloud.
Linux fuzzing is now available, so whether you're building or deploying software for Windows, Linux or both, you can use our service.
How does Microsoft Security Risk Detection work?
1. Upload binaries
One-time configuration and sample inputs
The customer logs into a secure web portal. Security Risk Detection provides a Virtual Machine (VM) for the customer to install the binaries of the software to be tested, along with a "test driver" program that runs the scenario to be tested, and a set of sample input files called "seed files" to use as a starting point for fuzzing.
2. Run multiple fuzzers
Get data on every run
Security Risk Detection will continuously fuzz test using multiple methods, including Microsoft whitebox fuzzing technology.
3. Identify high-value bugs
Report actionable test cases
Security Risk Detection reports security vulnerabilities in real time on the secure web portal. Customers can download actionable test cases to reproduce the issue.
4. Fix bugs
Review report and take action
The customer can prioritize and fix bugs, then re-test to confirm that each fix is effective.
The Security Risk Detection Value Proposition
Be empowered with data to make the right decisions across a variety of software scenarios.
Drive security quality testing into your development process, resulting in software that's reliable and resilient to attack.
Assess the security-related technical debt of software products you're thinking about buying, whether it's an off-the-shelf product or IP from a pending acquisition or merger.
Make well-informed cloud migration decisions based on the assessed quality of existing legacy applications.
Make well-informed architectural decisions based on the security quality of your existing applications.