A source code analyzer designed to surface interesting features and other characteristics in order to answer the question, “What’s in the code?” Using a json-based rules engine, you can quickly do static analysis. Ideal for scanning components before to use or detecting changes in feature level.
From start to finish, Microsoft Application Inspector assists you in safeguarding your applications.
Design Choices – Allows you to choose which components match your needs while leaving a smaller footprint of superfluous or unknown features, reducing the attack surface of your application and assisting in the verification of expected ones (i.e. industry standard crypto alone).
Detecting Feature Deltas – Identifies differences between component versions, which can be crucial in detecting backdoor injection.
Automating Security Compliance Checks – Use as part of your build cycle to identify components with features that require additional security examination, approval, or SDL compliance, or to create a metadata library for all of your corporate applications.
Disclaimer: The intended use for the tool is strictly educational and should not be used for any other purpose.
Download Link: https://github.com/microsoft/ApplicationInspector