Traditionally, the “Hello World” program/script is the first few lines of code that a new developer writes. Similarly, the Microsoft Security Assessment Tool (MSAT) version 3.0 is my first published application available to the public (MSAT installer).
As imposing as the name may sound, especially with the word “Security” in there, it really is a simple application. It isn’t a pervasive application that would examine your systems and network. Instead, think of it as a long (and I mean long) questionnaire that covers anything from anti-virus use to policies and procedures regarding employee termination/exits. Based on the user’s answers, a score is generated and can be compared to other companies/organizations. Your organization’s health security report can be viewed as a graphical representation with recommendations on how you can improve security.
I inherited the application back in April 2007 when it was in its 2.0 version. For 3.0 the following features and modifications were made.
- Added additional questions to the base assessment questionnaire.
- Revisited, refactored and renormalized the scoring mechanism.
- Disabled globalization/localization.
- Updated references and recommendations.
- Encrypted serialized XML files (both data source and data outputs).
Version 3.0 doesn’t seem like much, but it ended up quite the little beast. Unfortunately, I inherited an application that didn’t follow the best coding practices, and there were significant portions that essentially had to be re-written. There were times when I wanted to submit code snippets to Daily WTF.
Eventually I was able to get the application up to par to be released in time for this year’s TechEd. I’ve continued working on the application since and version 3.5 is in its evaluation stages at this time. I’ll add another blog about 3.5 and provide the feature/change set.