A survey on data-driven software vulnerability assessment and prioritization
Software Vulnerabilities (SVs) are increasing in complexity and scale, posing great security
risks to many software systems. Given the limited resources in practice, SV assessment and …
risks to many software systems. Given the limited resources in practice, SV assessment and …
Automatic vulnerability detection in embedded devices and firmware: Survey and layered taxonomies
In the era of the internet of things (IoT), software-enabled inter-connected devices are of
paramount importance. The embedded systems are very frequently used in both security …
paramount importance. The embedded systems are very frequently used in both security …
Metamorphic testing for web system security
Security testing aims at verifying that the software meets its security properties. In modern
Web systems, however, this often entails the verification of the outputs generated when …
Web systems, however, this often entails the verification of the outputs generated when …
Improving function coverage with munch: a hybrid fuzzing and directed symbolic execution approach
S Ognawala, T Hutzelmann, E Psallida… - Proceedings of the 33rd …, 2018 - dl.acm.org
Fuzzing and symbolic execution are popular techniques for finding vulnerabilities and
generating test-cases for programs. Fuzzing, a blackbox method that mutates seed input …
generating test-cases for programs. Fuzzing, a blackbox method that mutates seed input …
Memfix: static analysis-based repair of memory deallocation errors for c
We present MemFix, an automated technique for fixing memory deallocation errors in C
programs. MemFix aims to fix memory-leak, double-free, and use-after-free errors, which …
programs. MemFix aims to fix memory-leak, double-free, and use-after-free errors, which …
Metamorphic security testing for web systems
Security testing verifies that the data and the resources of software systems are protected
from attackers. Unfortunately, it suffers from the oracle problem, which refers to the …
from attackers. Unfortunately, it suffers from the oracle problem, which refers to the …
UMLsecRT: reactive security monitoring of java applications with round-trip engineering
S Peldszus, J Bürger, J Jürjens - IEEE Transactions on …, 2023 - ieeexplore.ieee.org
Today's software systems tend to be long-living and often process security-critical data, so
keeping up with ever-changing security measures, attacks, and mitigations is critical to …
keeping up with ever-changing security measures, attacks, and mitigations is critical to …
A natural language programming approach for requirements-based security testing
To facilitate communication among stakeholders, software security requirements are
typically written in natural language and capture both positive requirements (ie, what the …
typically written in natural language and capture both positive requirements (ie, what the …
Advances in symbolic execution
Symbolic execution is a systematic technique for checking programs, which forms a basis for
various software testing and verification techniques. It provides a powerful analysis in …
various software testing and verification techniques. It provides a powerful analysis in …
Automatically assessing vulnerabilities discovered by compositional analysis
S Ognawala, RN Amato, A Pretschner… - Proceedings of the 1st …, 2018 - dl.acm.org
Testing is the most widely employed method to find vulnerabilities in real-world software
programs. Compositional analysis, based on symbolic execution, is an automated testing …
programs. Compositional analysis, based on symbolic execution, is an automated testing …