Inferring Patterns for Taint-Style Vulnerabilities With Security Patches
نویسندگان
چکیده
منابع مشابه
Static analysis for detecting taint-style vulnerabilities in web applications
The number and the importance of web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, error-prone and costly, the need for automated solutions has become evident. In this paper, we address the problem of vulnerable web applications ...
متن کاملStatic Exploration of Taint-Style Vulnerabilities Found by Fuzzing
Taint-style vulnerabilities comprise a majority of fuzzer discovered program faults. These vulnerabilities usually manifest as memory access violations caused by tainted program input. Although fuzzers have helped uncover a majority of taint-style vulnerabilities in software to date, they are limited by (i) extent of test coverage; and (ii) the availability of fuzzable test cases. Therefore, fu...
متن کاملClonewise – Automatically Detecting Package Clones and Inferring Security Vulnerabilities
Developers sometimes statically link libraries from other projects, maintain an internal copy of other software or fork development of an existing project. This practice can lead to software vulnerabilities when the embedded code is not kept up to date with upstream sources. As a result, manual techniques have been applied by Linux vendors to track embedded code and identify vulnerabilities. We...
متن کاملIPv6 Security Vulnerabilities
Internet Protocol version 6 (IPv6) is the newest version of the protocol that is used for communications on the Internet. This version has been in existence for many years. But, currently many organizations have slowed their migration to IPv6 because they realize that the security considerations and products for IPv6 might be insufficient, despite the fact that the network infrastructure is rea...
متن کاملPatching assignment optimization for security vulnerabilities
This research is focusing on how IT support center applies the limited resources to elaborate a vulnerability patch in face of its disclosure in a system. We propose the most optimized procedure to design the patch in question and let second-tier security engineer handle the update for vulnerabilities with patch release. While the frontline security engineer are able to provide a firewall to ho...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: IEEE Access
سال: 2019
ISSN: 2169-3536
DOI: 10.1109/access.2019.2911592