Application Security Testing: An Integral Part of DevOps
I was working on a project and it was the moment to deliver the product to the client. I had used my own developed memory leak tool to test the application for memory leaks. My utility passed the test and I was comfortable that there were no memory leaks. But this project was very important and I wanted to be one hundred percent sure that the application did not leak any memory. And, what about handle leaks? My utility does not detect any handle leaks and I was not sure whether my application was leaking handles.
My problem was simple. I did not need a tool to troubleshoot to locate the memory leaks in my code but just wanted to verify that my application was not leaking memory and handles. I started the task manager and observed the memory columns to check the memory usage statistics and ran my application. The memory usage of the application increased and stabilized after some time. I was a bit comfortable but not 100% comfortable as I had no information about the handle leaks in my application.
Well, I ran the tool and was satisfied to see that the private bytes count (process memory usage) did not increase and stabilized soon. However, I was horrified to find that the handle count was increasing continuously. Clearly, my application was leaking handles. After a few hours of struggling, I fixed the handle leaks which were mainly due to Registry open calls. After fixing the handle leaks, the perfmon window was as in the following figure.
Here is the detailed procedure for watching the memory and handle counters of your process. It applies to Windows 2000 but should be the same on Windows NT and Windows XP as well.
- Open perfmon by clicking Start, Settings, Control Panel, Administrative Tools, Performance.
- Click the Add counters tool box (the tool with the + sign). This displays the Add Counter dialog box.
- Check the 'Use local computer counters' radio button.
- Select Process under the 'Performance Object:' drop-down combo box.
- Select the 'Select counters from list' radio button and select 'Handle Count' and 'Private Bytes' from the combo box. This box allows multiple selections.
- Select the 'Select instances from list' radio button and select your application from the combo box just below it.
- Press the Add button, followed by the Close button.
This will open the perfmon window. You will see two graphs, one for memory (private bytes) and one for handle count. Run your application and you will see the current memory usage and open handle count for your process. If either counter value keeps increasing without stabilizing, there are memory or handle leaks in the application.
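The same two counters can be sampled from a script instead of the perfmon GUI. The PowerShell below is an added example, not part of the original article; it assumes a Windows release that ships the `Get-Counter` cmdlet, uses `myapp` as a placeholder instance name, and its growth test is a simple heuristic chosen for illustration.

```powershell
# Added example: scripted version of the perfmon steps above.
# Assumption: 'myapp' is a placeholder; use the instance name perfmon lists (no .exe).
param(
    [string]$Instance = 'myapp',
    [int]$IntervalSeconds = 5,
    [int]$Samples = 60
)

# The two counters selected in the Add Counter dialog.
$paths = "\Process($Instance)\Handle Count", "\Process($Instance)\Private Bytes"

function Test-SteadyGrowth {
    # Heuristic (an assumption of this example): discard the first third as
    # warm-up, split the rest in two, and report growth only when every late
    # sample is above every early sample. A flat (stabilized) series fails this.
    param([double[]]$Values)
    if ($Values.Count -lt 6) { return $false }      # too few samples to judge
    $start = [int][math]::Floor($Values.Count / 3)
    $tail  = $Values[$start..($Values.Count - 1)]
    $half  = [int][math]::Floor($tail.Count / 2)
    $early = $tail[0..($half - 1)]
    $late  = $tail[$half..($tail.Count - 1)]
    $earlyMax = ($early | Measure-Object -Maximum).Maximum
    $lateMin  = ($late  | Measure-Object -Minimum).Minimum
    return $lateMin -gt $earlyMax
}

# Collect one series per counter while the application is exercised.
$series = @{}
Get-Counter -Counter $paths -SampleInterval $IntervalSeconds `
            -MaxSamples $Samples -ErrorAction Stop |
    ForEach-Object {
        foreach ($s in $_.CounterSamples) {
            $name = ($s.Path -split '\\')[-1]       # 'handle count' / 'private bytes'
            if (-not $series.ContainsKey($name)) {
                $series[$name] = New-Object 'System.Collections.Generic.List[double]'
            }
            $series[$name].Add($s.CookedValue)
        }
    }

foreach ($name in $series.Keys) {
    $v = $series[$name].ToArray()
    $verdict = if (Test-SteadyGrowth $v) { 'still growing: possible leak' } else { 'stabilized' }
    '{0,-14} first={1} last={2} -> {3}' -f $name, $v[0], $v[-1], $verdict
}
```

Run it while the application performs its normal workload, and use a sampling window long enough to cover the initial ramp-up before judging the result.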
There are other counters that are worth watching, especially if your application has a performance hit and needs troubleshooting.