Here is the video presented at OWASP BeNeLux conference, which shows how I used the O2 Platform to create a consolidated view of 3 different window's processes (one from .Net/CLR, one from Java/JM and one from C++ applications). Note that these windows are hosted by a 4th (.Net) process and are fully functional.
The objective of this 'consolidated multi-process window view', is to give developers a really strong 'vulnerability fixing environment'.
Instead of having to use multiple tools (each containing a piece of the info available about the vulnerability to fix), all information available about a specific vulnerability (in this case 'JSP File Include') is shown as an integrated view with:
- the black box security exploit (top left) provided by IBM AppScan Standard (.Net/CLR)
- the white box code analysis (top right) provided by IBM AppScan Source (Java/JVM)
- a source code editor (bottom left) provided by Eclipse (Java/CLR)
- the security guidance (bottom right) provided by Chrome (C++) showing TeamMentor
For technical details on how this view was created (and how the windows were hijacked from its original owners) see:
- Showing Chrome, Eclipse, IBM AppScan Standard and VisualStudio in the same Process/Window
- Util - Win32 Window Handle Hijack (4x host panels) v1.0.exe
- Util - Win32 Window Handle Hijack (simple) v1.0.exe
- Util - Windows Handles - View Handle Screenshot v1.0.exe
- Util - Windows Handles Viewer (Simple GUI with REPL) v1.0.exe
- Util - Windows Handles Viewer (Simple Gui) v1.0.exe
- IBM AppScan Source's and AppScan Standard's TreeViews running side-by-site in the same GUI
- Injecting a .NET REPL into an Unmanaged/C++ application (Notepad)
