Tools
Sorted by:
Try your query at:
 |
 |
 |
 |
 |
 |
Results 1 - 10
of
324
Automated Whitebox Fuzz Testing
"... Fuzz testing is an effective technique for finding security vulnerabilities in software. Traditionally, fuzz testing tools apply random mutations to well-formed inputs of a program and test the resulting values. We present an alternative whitebox fuzz testing approach inspired by recent advances in ..."
Abstract
-
Cited by 311 (25 self)
- Add to MetaCart
Fuzz testing is an effective technique for finding security vulnerabilities in software. Traditionally, fuzz testing tools apply random mutations to well-formed inputs of a program and test the resulting values. We present an alternative whitebox fuzz testing approach inspired by recent advances
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)
- IN 2006 IEEE SYMPOSIUM ON SECURITY AND PRIVACY
, 2006
"... The number and the importance of Web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, error-prone and costly, the need for automated so ..."
Abstract
-
Cited by 212 (23 self)
- Add to MetaCart
, the open source prototype implementation of our concepts, is targeted at detecting cross-site scripting vulnerabilities in PHP scripts. Using our tool, we discovered and reported 15 previously unknown vulnerabilities in three web applications, and reconstructed 36 known vulnerabilities in three other web
Static Detection of Security Vulnerabilities in Scripting Languages
"... We present a static analysis algorithm for detecting security vulnerabilities in PHP, a popular server-side scripting language for building web applications. Our analysis employs a novel three-tier architecture to capture information at decreasing levels of granularity at the intrablock, intraproced ..."
Abstract
-
Cited by 197 (3 self)
- Add to MetaCart
We present a static analysis algorithm for detecting security vulnerabilities in PHP, a popular server-side scripting language for building web applications. Our analysis employs a novel three-tier architecture to capture information at decreasing levels of granularity at the intrablock
A graph-based system for network-vulnerability analysis
- in Proceedings of the 1998 workshop on New security paradigms
, 1998
"... caphill @ sandia..qov This paper presents a graph-based approach to network vulnerability analysis. The method is flexible, allowing analysis of attacks from both outside and inside the network. It can analyze risks to a specific network asset, or examine the universe of possible consequences follow ..."
Abstract
-
Cited by 168 (0 self)
- Add to MetaCart
following a successful attack. The graph-based tool can identify the set of attack paths that have a high probability of success (or a low "effort " cost) for the attacker. The system could be used to test the effectiveness of making configuration changes, implementing an intrusion
A Practical Dynamic Buffer Overflow Detector
- In Proceedings of the 11th Annual Network and Distributed System Security Symposium
, 2004
"... Despite previous efforts in auditing software manually and automatically, buffer overruns are still being discovered in programs in use. A dynamic bounds checker detects buffer overruns in erroneous software before it occurs and thereby prevents attacks from corrupting the integrity of the system. D ..."
Abstract
-
Cited by 187 (1 self)
- Add to MetaCart
that has been tested on over 20 open-source programs, comprising over 1.2 million lines of C code. CRED proved effective in detecting buffer overrun attacks on programs with known vulnerabilities, and is the only tool found to guard against a testbed of 20 different buffer overflow attacks[34]. Finding
Ether: Malware Analysis via Hardware Virtualization Extensions
- In Proceedings of the 15th ACM Conference on Computer and Communications Security
, 2008
"... Malware has become the centerpiece of most security threats on the Internet. Malware analysis is an essential technology that extracts the runtime behavior of malware, and supplies signatures to detection systems and provides evidence for recovery and cleanup. The focal point in the malware analysis ..."
Abstract
-
Cited by 154 (7 self)
- Add to MetaCart
approach to malware analysis, which is motivated by the intuition that for a malware analyzer to be transparent, it must not induce any side-effects that are unconditionally detectable by malware. Our analyzer, Ether, is based on a novel application of hardware virtualization extensions such as Intel VT
ConMem: Detecting Severe Concurrency Bugs through an Effect-Oriented Approach
"... Multicore technology is making concurrent programs increasingly pervasive. Unfortunately, it is difficult to deliver reliable concurrent programs, because of the huge and non-deterministic interleaving space. In reality, without the resources to thoroughly check the interleaving space, critical conc ..."
Abstract
-
Cited by 44 (8 self)
- Add to MetaCart
and atomicity-violations), this paper targets concurrency bugs that result in one type of severe effects: program crashes. Our study of the error-propagation process of realworld concurrency bugs reveals a common pattern (50 % in our non-deadlock concurrency bug set) that is highly correlated with program
Guided test for detecting concurrency errors
"... Mainstream programming is migrating to concurrent archi-tectures to improve performance and facilitate more complex computation. The state of the art analysis tools for detect-ing concurrency errors such as deadlocks and race condi-tions are imprecise, generate a large number of false error reports, ..."
Abstract
- Add to MetaCart
Mainstream programming is migrating to concurrent archi-tectures to improve performance and facilitate more complex computation. The state of the art analysis tools for detect-ing concurrency errors such as deadlocks and race condi-tions are imprecise, generate a large number of false error reports
Analysis of the Effect of Java Software Faults on Security Vulnerabilities and Their Detection by Commercial Web Vulnerability Scanner Tool
"... Most software systems developed nowadays are highly complex and subject to strict time constraints, and are often deployed with critical software faults. In many cases, software faults are responsible for security vulnerabilities which are exploited by hackers. Automatic web vulnerability scanners c ..."
Abstract
- Add to MetaCart
can help to locate these vulnerabilities. Trustworthiness of the results that these tools provide is important; hence, relevance of the results must be assessed. We analyze the effect on security vulnerabilities of Java software faults injected on source code of Web applications. We assess how
Safemem: Exploiting ECC-memory for detecting memory leaks and memory corruption during production runs
- In Proceedings of the 11th International Symposium on High-Performance Computer Architecture
, 2005
"... Memory leaks and memory corruption are two major forms of software bugs that severely threaten system availability and security. According to the US-CERT Vulnerability Notes Database, 68 % of all reported vulnerabilities in 2003 were caused by memory leaks or memory corruption. Dynamic monitoring to ..."
Abstract
-
Cited by 85 (12 self)
- Add to MetaCart
tools, such as the state-of-the-art Purify, are commonly used to detect memory leaks and memory corruption. However, most of these tools suffer from high overhead, with up to a 20 times slowdown, making them infeasible to be used for production-runs. This paper proposes a tool called SafeMem to detect
Results 1 - 10
of
324
