S2E: A platform for in-vivo multi-path analysis of software systems

V Chipounov, V Kuznetsov, G Candea - ACM SIGPLAN Notices, 2011 - dl.acm.org
This paper presents S2E, a platform for analyzing the properties and behavior of software
systems. We demonstrate S2E's use in developing practical tools for comprehensive …

On combining static, dynamic and interactive analysis security testing tools to improve OWASP Top Ten security vulnerability detection in web applications

F Mateo Tudela, JR Bermejo Higuera… - Applied Sciences, 2020 - mdpi.com
Featured Application: This document provides a complete comparative study of how different
types of security analysis tools (static, interactive and dynamic) can combine to obtain the …

Verifying an HTTP key-value server with interaction trees and VST

H Zhang, W Honoré, N Koh, Y Li, Y Li… - The 12th Conference …, 2021 - research.ed.ac.uk
We present a networked key-value server, implemented in C and formally verified in Coq.
The server interacts with clients using a subset of the HTTP/1.1 protocol and is specified and …

Static analysis of source code security: Assessment of tools against SAMATE tests

G Díaz, JR Bermejo - Information and software technology, 2013 - Elsevier
CONTEXT: Static analysis tools are used to discover security vulnerabilities in source code.
They suffer from false negatives and false positives. A false positive is a reported …

Scalable and incremental software bug detection

S McPeak, CH Gros, MK Ramanathan - … of the 2013 9th Joint Meeting on …, 2013 - dl.acm.org
An important, but often neglected, goal of static analysis for detecting bugs is the ability to
show defects to the programmer quickly. Unfortunately, existing static analysis tools scale …

Benchmarking Approach to Compare Web Applications Static Analysis Tools Detecting OWASP Top Ten Security Vulnerabilities.

JRB Higuera, JB Higuera, JAS Montalvo… - … , Materials & Continua, 2020 - researchgate.net
To detect security vulnerabilities in a web application, the security analyst must choose the
best performance Security Analysis Static Tool (SAST) in terms of discovering the greatest …

BegBunch: benchmarking for C bug detection tools

C Cifuentes, C Hoermann, N Keynes, L Li… - Proceedings of the 2nd …, 2009 - dl.acm.org
Benchmarks for bug detection tools are still in their infancy. Though in recent years various
tools and techniques were introduced, little effort has been spent on creating a benchmark …

Efficient model checking technique for finding software defects

MJV Basauri, CN Cifuentes - US Patent 8,732,669, 2014 - Google Patents
(57) ABSTRACT A method for detecting defects in a computer program. The method steps
include obtaining source code and a potential defect definition; identifying, based on the …

Practical and effective symbolic analysis for buffer overflow detection

L Li, C Cifuentes, N Keynes - Proceedings of the eighteenth ACM …, 2010 - dl.acm.org
Although buffer overflow detection has been studied for more than 20 years, it is still the
most common source of security vulnerabilities in systems code. Different approaches using …

The life and death of statically detected vulnerabilities: An empirical study

M Di Penta, L Cerulo, L Aversano - Information and Software Technology, 2009 - Elsevier
Vulnerable statements constitute a major problem for developers and maintainers of
networking systems. Their presence can ease the success of security attacks, aimed at …