Stacy-static code analysis for enhanced vulnerability detection
Similar resources
Static Techniques for Vulnerability Detection
Software vulnerabilities provide a way to an attacker as vulnerabilities are the well-known and well understood flaws by the carelessness of developer of the software. For example buffer overflow and format string vulnerabilities are most common and well known class of vulnerabilities. In order to identify these vulnerabilities a comprehensive analysis is required to develop some standard solut...
Combining Static and Dynamic Analysis for Vulnerability Detection
In this paper, we present a hybrid approach for buffer overflow detection in C code. The approach makes use of static and dynamic analysis of the application under investigation. The static part consists in calculating taint dependency sequences (TDS) between user controlled inputs and vulnerable statements. This process is akin to program slice of interest to calculate tainted data and control-...
Profile Detection Through Source Code Static Analysis
The present article reflects the progress of an ongoing master’s dissertation on language engineering. The main goal of the work here described, is to infer a programmer’s profile through the analysis of his source code. After such analysis the programmer shall be placed on a scale that characterizes him on his language abilities. There are several potential applications for such profiling, nam...
ITS4: A Static Vulnerability Scanner for C and C++ Code
We describe ITS4, a tool for statically scanning security-critical C source code for vulnerabilities. Compared to other approaches, our scanning technique stakes out a new middle ground between accuracy and efficiency. This method is efficient enough to offer real-time feedback to developers during coding while producing few false negatives. Unlike other techniques, our method is also simple en...
ITS4: A Static Vulnerability Scanner for C and C++ Code
We describe ITS4, a tool for statically scanning security-critical C and C++ source code for vulnerabilities. Compared to other techniques, our results indicate that this approach stakes out a new middle ground on accuracy while being efficient enough to give real-time feedback to a developer during coding. Our technique is also simple enough that it can easily be applied to C++ despite the complexiti...
Journal
Journal title: Cogent Engineering
Year: 2017
ISSN: 2331-1916
DOI: 10.1080/23311916.2017.1335470