This is on older product (the last release was about 5-6 years ago., as far is I can remember) - a logical question here is: what makes it attractive (to write an article about it) it all?
Well, in short - there's still a quite large number of older (legacy) systems (servers without drivers for newer operating systems etc.) still in use - as these are particularly sensitive to modern security challenges (due to the fact that many of them are not patched on a regular basis anymore, i.e. they are in the EOL phase), this makes this tool even more attractive when doing a system analysis or system hardening.
It supports Microsoft OSs ranging from Windows Vista and 7 to Server 2012 - with or without .NET (4) Framework installed - in both x86 and x64 flavors.
It does what it says - analyzes the attack surface by comparing a baseline made before the changes made to the system (by software installation) with the current situation (it makes a sort of diff).
A recommendation is that the baseline is made right after the fresh OS installation (due to the fact that it's easier and faster to perform a scan and analysis on such system).
Let's take a closer look what it looks like - as you can see, it's extremely easy to use and very self-explanatory:
This is what the ASA looks like when it's performing the scan (it usually took a couple of minutes to do it, at least on systems I've been running it on):
At the end of the scan, you should get a (baseline) .CAB file - you can now either:
- exit the app., make changes you've planned and make another (product) scan;
- generate a .HTML report (on differences found between the baseline and the product scan).
At the end of the article, this is what the report looks like (remember, just make sure you DO something about the results! :) ):