Overview
Explore a comprehensive presentation from Black Hat USA 2013 on Bugalyze.com, a free online web service for detecting software bugs and vulnerabilities through static analysis of binary executables. Discover how this innovative tool combines decompilation and data flow analysis to uncover issues like use-after-frees and double frees. Learn about the system's architecture, consisting of over 100,000 lines of C++ code and a scalable, load-balanced multi-node Amazon EC2 cluster. Gain insights into Bugwise's development process and its successful application in finding real bugs and vulnerabilities in Debian Linux, including double free, use-after-free, and numerous getenv(,strcpy) bugs discovered through scanning the entire Debian repository.
Syllabus
Black Hat USA 2013 - Bugalyze.com - Detecting Bugs Using Decompilation and Data Flow Analysis
Taught by
Black Hat