Any substantial computer program interfaces with and relies upon many different system objects. These objects include files, network and physical devices, and other programs. Each time a program interacts with one of these objects, there is an assumed level of trust associated with the action. For example, if the program opens a file, it assumes the file is correctly formatted. Programmers often fail to implement robust input validation in their applications, meaning that any error (benign or malicious) in that input can harm the program. As a software tester, and especially a software security tester, these interfaces are an important area to test.
Before you can test a program, you have to know where to look. You need a comprehensive map of all the entry points to the program; this is sometimes called the attack surface. Process Explorer, by Sysinternals, is one of the best tools available for mapping out a Windows application and determining its interfaces. It shows a real-time view of all running processes. Depending on the selected lower-pane mode, it also displays every open handle a process holds, or all of the DLLs and memory-mapped files currently in use. Look closely at the file handles and you will see that Process Explorer also includes network device handles, such as \Device\Ip. Programs that interface with the network should be tested with more scrutiny. The data gathered from this tool provides a good footprint of an application and a solid starting point for testing.
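Once the handle view has been copied out of Process Explorer, the next step is to turn that raw listing into a footprint: which files, registry keys, IPC objects and network devices the process touches. The script below is an added example (not code from the original post or from Sysinternals) that does this grouping. It assumes a tab-separated `Type<TAB>Name` layout modeled on Process Explorer's lower-pane columns; the sample listing is constructed for illustration and does not come from a real capture.

```python
"""Group a Process Explorer-style handle listing into an attack-surface footprint.

Added example. Input format (assumed): one handle per line, "Type<TAB>Name",
as you would get by copying the Type and Name columns of the handle view.
"""

# Constructed sample listing for a hypothetical "ExampleApp.exe"; not real output.
SAMPLE_HANDLES = (
    "File\tC:\\Program Files\\ExampleApp\\config.ini\n"
    "File\tC:\\Users\\tester\\AppData\\Local\\ExampleApp\\cache.db\n"
    "File\t\\Device\\Ip\n"
    "File\t\\Device\\Afd\n"
    "File\t\\Device\\NamedPipe\\exampleapp_ipc\n"
    "Key\tHKLM\\SOFTWARE\\ExampleApp\n"
    "Key\tHKCU\\Software\\ExampleApp\\Settings\n"
    "Section\t\\BaseNamedObjects\\ExampleAppShared\n"
    "Mutant\t\\BaseNamedObjects\\ExampleAppSingleInstance\n"
    "Thread\tExampleApp.exe(4120): 4188\n"
)

# Device objects that indicate the process is talking to the network stack.
# \Device\Ip is the one named in the post; Tcp, Udp and Afd (Winsock) are
# other well-known networking device names.
NETWORK_DEVICES = {"\\device\\ip", "\\device\\tcp", "\\device\\udp", "\\device\\afd"}
IPC_TYPES = {"section", "mutant", "event", "semaphore"}
CATEGORIES = ("file", "network", "named_pipe", "device", "registry", "ipc_object", "other")


def classify(handle_type, name):
    """Map one (Type, Name) pair to a footprint category."""
    t = handle_type.strip().lower()
    n = name.strip().lower()
    if t == "file":
        if n in NETWORK_DEVICES:
            return "network"
        if n.startswith("\\device\\namedpipe\\"):
            return "named_pipe"
        if n.startswith("\\device\\"):
            return "device"
        return "file"
    if t == "key":
        return "registry"
    if t in IPC_TYPES:
        return "ipc_object"
    return "other"


def footprint(listing):
    """Parse a Type<TAB>Name listing into {category: sorted list of names}."""
    groups = {c: [] for c in CATEGORIES}
    for line in listing.splitlines():
        if not line.strip() or "\t" not in line:
            continue  # skip blank or malformed lines rather than guessing
        handle_type, name = line.split("\t", 1)
        groups[classify(handle_type, name)].append(name.strip())
    return {c: sorted(names) for c, names in groups.items()}


def network_facing(listing):
    """True if any handle points at a network device; such targets deserve extra scrutiny."""
    return bool(footprint(listing)["network"])


def render_report(listing):
    """Human-readable summary, one section per non-empty category."""
    fp = footprint(listing)
    lines = []
    for category in CATEGORIES:
        if fp[category]:
            lines.append(f"[{category}] ({len(fp[category])})")
            lines.extend(f"    {name}" for name in fp[category])
    lines.append("network-facing: " + ("yes" if fp["network"] else "no"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(SAMPLE_HANDLES))
```

Run it against a listing pasted from a real process and the categories give you a checklist of interfaces to test, with the network-facing flag calling out the processes the post says deserve the closest look.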
By no means is Process Explorer designed solely for software testers. This program gives you an enormous amount of information about your system and the processes running on it. It is invaluable for anyone who wants insight into their computer or an application, and it is a good supplement for Windows' default Task Manager. Later I will post about tools that dig deeper into an application and reveal precisely which files and registry keys are opened, read, and written to at any given time. For now, though, this should be a good start.

