Concolic Execution for Django Applications
نویسندگان
چکیده
Concolic execution systems allow developers to verify that invariants in their applications are not violated no matter what input is given by a user. This was demonstrated in Lab 3, where the Z3 solver was used to find inputs that would trigger inconsistencies in Zoobar balances. Unfortunately, the lab’s framework is written specifically for Zoobar, and would therefore not work for other applications without substantial modifications. Invariant checking is useful for a wide range of applications, and thus we decided to make our 6.858 final project building a generic concolic execution interface for any Django-based web application.
منابع مشابه
Scaling Concolic Execution of Binary Programs for Security Applications
Concolic execution is a technique for program analysis that makes the values of certain inputs symbolic, symbolically executes a program’s code, and computes a symbolic logical formula to represent a desired behavior of the program under analysis. The computed formula is then solved by a decision procedure to determine whether the desired behavior is feasible and, if so, provide an example prog...
متن کاملEffective software testing with a string-constraint solver
This dissertation presents techniques and tools for improving software reliability, by using an expressive string-constraint solver to make implementation-based testing more effective and more applicable. Concolic testing is a paradigm of implementation-based systematic software testing that combines dynamic symbolic execution with constraint-based systematic execution-path enumeration. Concoli...
متن کاملEffective Software Testing with a String - Constraint
This dissertation presents techniques and tools for improving software reliability, by using an expressive string-constraint solver to make implementation-based testing more effective and more applicable. Concolic testing is a paradigm of implementation-based systematic software testing that combines dynamic symbolic execution with constraint-based systematic execution-path enumeration. Concoli...
متن کاملOasis: Concolic Execution Driven by Test Suites and Code Modifications
Testing remains an important aspect of checking software correctness. Manually constructed test suites are one option: they typically complete quickly, but they require human involvement in producing test cases, and their coverage may be limited. Recently, symbolic execution and concolic execution have been investigated as alternatives to test suites. These approaches require little manual inte...
متن کاملDriller: Augmenting Fuzzing Through Selective Symbolic Execution
Memory corruption vulnerabilities are an everpresent risk in software, which attackers can exploit to obtain unauthorized access to confidential information. As products with access to sensitive data are becoming more prevalent, the number of potentially exploitable systems is also increasing, resulting in a greater need for automated software vetting tools. DARPA recently funded a competition,...
متن کامل