Enhanced Security Testing- Do Automate Debuggers

Slides:

Advertisements

Similar presentations

Advanced Troubleshooting with Debug Diagnostics on IIS 6

Advertisements

Requirements for a UI Test Framework Stanislaw Wozniak Bernie Miles.

Message Queue Dumping MPI Side Document. History MPIR and MQD were designed around 1995 MPIR: Process discovery Formally described in the MPIR document.

Strength. Strategy. Stability. The Application Profiler.

CS4540 Operating System Local/Remote Windows Kernel Debugging Davion Teh | Kelvin Yeap Dillon Burton | Rodney Dulin.

GROUP 2 WINDOWS INTERNALS TOOLS & WINDOWS SDK DEBUGGING TOOLS David Denhollander Kevin Finkler Corey Sarnia Ailun Shen.

Introduction to InfoSec – Recitation 6 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Submitted by: Omer & Ofer Kiselov Supevised by: Dmitri Perelman Networked Software Systems Lab Department of Electrical Engineering, Technion.

1 Introduction to Software Engineering Lecture 42 – Communication Skills.

Microsoft SharePoint 2013 SharePoint 2013 as a Developer Platform

© 2014 IBM Corporation 1 Centralized Agent Update IBM Workload Automation 9.3.

Loupe /loop/ noun a magnifying glass used by jewelers to reveal flaws in gems. a logging and error management tool used by.NET teams to reveal flaws in.

Windows Debugging Demystified

QWise software engineering – refactored! Testing, testing A first-look at the new testing capabilities in Visual Studio 2010 Mathias Olausson.

W INDOWS BLUE SCREEN OF DEATH AFTER CRASH DEBUGGING Alex Mclean Amy Valley Derek Visch.

Management of Source Code Integrity Presented by O/o the Accountant General (A&E), Jammu and Kashmir.

®® Microsoft Windows 7 for Power Users Tutorial 8 Troubleshooting Windows 7.

Vulnerability-Specific Execution Filtering (VSEF) for Exploit Prevention on Commodity Software Authors: James Newsome, James Newsome, David Brumley, David.

1. When things go wrong: how to find SQL error Sveta Smirnova Principle Technical Support Engineer, Oracle.

Software Testing Life Cycle

FrmModule-SY. Change #1 When you change the New Company Code more than once, it stack the company codes in the Destination Path Y05 = c:\cmswin11.2\y05.

A Crawler-based Study of Spyware on the Web Authors: Alexander Moshchuk, Tanya Bragin, Steven D.Gribble, and Henry M. Levy University of Washington 13.

Strategic Security, Inc. © Exploit Development For Mere Mortals Part 4: Windows Stack Overflows Presented By: Joe McCray

SQL Server Crash Dump Analysis A brief tour with WinDbg and other ugly tools Pablo Álvarez Doval Debugging & Optimization Team Lead

Operating System What is an Operating System? A program that acts as an intermediary between a user of a computer and the computer hardware. An operating.

INTRODUCTION TO DBS Database: a collection of data describing the activities of one or more related organizations DBMS: software designed to assist in.

Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.

Windows ® 2000 Debugging André Vachon Development Lead Windows Debuggers Microsoft Corporation.

I can run this simple BAT file to copy files: (this was tried with and without the pause command)

© 2013 MontaVista Software, LLC. MontaVista Confidential and Proprietary. CGE7 Flight Recoder Demo Nawneet Anand.

Reverse Engineering Contemporary Countermeasures By: Joshua Schwartz.

| © 2007 LenovoLenovo Confidential Use WinDBG Tool to Analyze BSOD —— Lenovo Service Support Training.

ImageDiags 2.0 Overview Useful For How it can help you

Secure Software Confidentiality Integrity Data Security Authentication

Attacking Antivirus Software's Kernel Driver

Introduction to Information Security

Location of Cluster Files and Folders

CLR MD A New Swiss Army Knife tool for Advanced Debugging

AI emerging trend in QA Sanjeev Kumar Jha, Senior Consultant

End-to-End REST Service Testing Automation

SPRING DRAGON APT - A CASE STUDY OF TARGETED ATTACKS IN APAC COUNTRIES

Continuous Performance Engineering

Automated Test Execution & Reporting (TER) Plugin using JIRA

Yakub Reddy Gurijala –Sr.Technical Architect

Continuous Automated Chatbot Testing

Faster delivery using Device Farm

Software Quality Engineering

Windows Internals Brown-Bag Seminar Chapter 1 – Concepts and Tools

Big Data - in Performance Engineering

Effective ‘Retrospection’ through Pointing Poker Online Tool

.NET Debugging for the Production Environment

ARTIFICIAL INTELLIGENCE IN SOFTWARE TESTING

Cross Platform Network Calls Automation

Workflow-based Automation Framework for Agile Software Development

MIS Automation- A Game Changer in BI Testing

Seamless E2E Automation on Interdependent Systems

IMPACTED TESTS BASED ON

Project insights using mining software repositories

9.0 EMBEDDED SOFTWARE DEVELOPMENT TOOLS

System migration – An automated approach to overcome challenges

ضرورت آموزش و یادگیری الکترونیکی در مدارس

Measure Reliability of Automation – using Machine learning

Using Customer feedback for Automated Test-suite

Updating or installing Flash Player

Introduction to Windbg

Introduction to Windbg – Part2 Symbols

Hello World Program In Visual Studio and Debugging

Presentation transcript:

Enhanced Security Testing- Do Automate Debuggers Nitin Kumar, Lead Software Engineer Varun Bhal, Lead Software Engineer Adobe Systems

Security testing is usually traded off Abstract Finding crashes, intermittent crashes and poor coding is a high priority in testing environment Security testing is usually traded off How many crash dumps can be analyzed? How Automation with debuggers can be helpful in many testing scenarios Crash Dump Analysis automation Finding DLL Hijacking vulnerabilities in automation

Call stack will not be correct Crash Dump Analysis Workflow OS dumps Dump Collection Application dumps Start cdb Load dump file Symbols found Load Symbols Run DBG commands Report the details Call stack will not be correct

Set the gflag for executable DLL Hijacking Automation Workflow Set path for symbols Total logs created Set the gflag for executable Filter the logs Run cdb with attached process Resolution Failure Resolution Hijacking Chain Loading

https://en.wikipedia.org/wiki/Dynamic-link_library References & Appendix Debuggers- windbg tutorial https://www.codeproject.com/Articles/6084/Windows-Debuggers-Part-A-WinDbg-Tutorial https://en.wikipedia.org/wiki/Dynamic-link_library

Author Biography Nitin Kumar – Lead Software Engineer Working as Lead software engineer on Security testing and automation development for Adobe flash player. www.linkedin.com/in/nownitin 2. Varun Bhal – Lead Software Engineer Working as Lead software engineer in automation development for Adobe flash player.

Thank You!!!