Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enhanced Security Testing- Do Automate Debuggers

Published byKory Miles Modified over 6 years ago

Similar presentations

Presentation on theme: "Enhanced Security Testing- Do Automate Debuggers"— Presentation transcript:

1 Enhanced Security Testing- Do Automate Debuggers
Nitin Kumar, Lead Software Engineer Varun Bhal, Lead Software Engineer Adobe Systems

2 Security testing is usually traded off
Abstract Finding crashes, intermittent crashes and poor coding is a high priority in testing environment Security testing is usually traded off How many crash dumps can be analyzed? How Automation with debuggers can be helpful in many testing scenarios Crash Dump Analysis automation Finding DLL Hijacking vulnerabilities in automation

3 Call stack will not be correct
Crash Dump Analysis Workflow OS dumps Dump Collection Application dumps Start cdb Load dump file Symbols found Load Symbols Run DBG commands Report the details Call stack will not be correct

4 Set the gflag for executable
DLL Hijacking Automation Workflow Set path for symbols Total logs created Set the gflag for executable Filter the logs Run cdb with attached process Resolution Failure Resolution Hijacking Chain Loading

5 https://en.wikipedia.org/wiki/Dynamic-link_library
References & Appendix Debuggers- windbg tutorial

6 Author Biography Nitin Kumar – Lead Software Engineer Working as Lead software engineer on Security testing and automation development for Adobe flash player. 2. Varun Bhal – Lead Software Engineer Working as Lead software engineer in automation development for Adobe flash player.

7 Thank You!!!

Download ppt "Enhanced Security Testing- Do Automate Debuggers"

Similar presentations

Advanced Troubleshooting with Debug Diagnostics on IIS 6

Advanced Troubleshooting with Debug Diagnostics on IIS 6
Requirements for a UI Test Framework Stanislaw Wozniak Bernie Miles.

Requirements for a UI Test Framework Stanislaw Wozniak Bernie Miles.
Message Queue Dumping MPI Side Document. History MPIR and MQD were designed around 1995 MPIR: Process discovery Formally described in the MPIR document.

Message Queue Dumping MPI Side Document. History MPIR and MQD were designed around 1995 MPIR: Process discovery Formally described in the MPIR document.
Strength. Strategy. Stability. The Application Profiler.

Strength. Strategy. Stability. The Application Profiler.
CS4540 Operating System Local/Remote Windows Kernel Debugging Davion Teh | Kelvin Yeap Dillon Burton | Rodney Dulin.

CS4540 Operating System Local/Remote Windows Kernel Debugging Davion Teh | Kelvin Yeap Dillon Burton | Rodney Dulin.
GROUP 2 WINDOWS INTERNALS TOOLS & WINDOWS SDK DEBUGGING TOOLS David Denhollander Kevin Finkler Corey Sarnia Ailun Shen.

GROUP 2 WINDOWS INTERNALS TOOLS & WINDOWS SDK DEBUGGING TOOLS David Denhollander Kevin Finkler Corey Sarnia Ailun Shen.
Introduction to InfoSec – Recitation 6 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 6 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Submitted by: Omer & Ofer Kiselov Supevised by: Dmitri Perelman Networked Software Systems Lab Department of Electrical Engineering, Technion.

Submitted by: Omer & Ofer Kiselov Supevised by: Dmitri Perelman Networked Software Systems Lab Department of Electrical Engineering, Technion.
1 Introduction to Software Engineering Lecture 42 – Communication Skills.

1 Introduction to Software Engineering Lecture 42 – Communication Skills.
Microsoft SharePoint 2013 SharePoint 2013 as a Developer Platform

Microsoft SharePoint 2013 SharePoint 2013 as a Developer Platform
© 2014 IBM Corporation 1 Centralized Agent Update IBM Workload Automation 9.3.

© 2014 IBM Corporation 1 Centralized Agent Update IBM Workload Automation 9.3.
Loupe /loop/ noun a magnifying glass used by jewelers to reveal flaws in gems. a logging and error management tool used by.NET teams to reveal flaws in.

Loupe /loop/ noun a magnifying glass used by jewelers to reveal flaws in gems. a logging and error management tool used by.NET teams to reveal flaws in.
Windows Debugging Demystified

Windows Debugging Demystified
QWise software engineering – refactored! www.qwise.se Testing, testing A first-look at the new testing capabilities in Visual Studio 2010 Mathias Olausson.

QWise software engineering – refactored! Testing, testing A first-look at the new testing capabilities in Visual Studio 2010 Mathias Olausson.
W INDOWS BLUE SCREEN OF DEATH AFTER CRASH DEBUGGING Alex Mclean Amy Valley Derek Visch.

W INDOWS BLUE SCREEN OF DEATH AFTER CRASH DEBUGGING Alex Mclean Amy Valley Derek Visch.
Management of Source Code Integrity Presented by O/o the Accountant General (A&E), Jammu and Kashmir.

Management of Source Code Integrity Presented by O/o the Accountant General (A&E), Jammu and Kashmir.
®® Microsoft Windows 7 for Power Users Tutorial 8 Troubleshooting Windows 7.

®® Microsoft Windows 7 for Power Users Tutorial 8 Troubleshooting Windows 7.
Vulnerability-Specific Execution Filtering (VSEF) for Exploit Prevention on Commodity Software Authors: James Newsome, James Newsome, David Brumley, David.

Vulnerability-Specific Execution Filtering (VSEF) for Exploit Prevention on Commodity Software Authors: James Newsome, James Newsome, David Brumley, David.
1. When things go wrong: how to find SQL error Sveta Smirnova Principle Technical Support Engineer, Oracle.

1. When things go wrong: how to find SQL error Sveta Smirnova Principle Technical Support Engineer, Oracle.
Software Testing Life Cycle

Software Testing Life Cycle

Similar presentations

Ads by Google