JavaScript is one of the most popular programming languages. However, its dynamic nature poses several challenges to automated testing techniques. In this paper, we propose an approach and open-source tool support enable white-box applications using Search-Based Software Testing (SBST) We provide collect search-based heuristics like common Branch Distance Testability Transformations . To empiri...

The number of Web controls’ security vulnerability surged with ever-changing varieties of attacks. Therefore this paper analyzes test model for Web controls’ vulnerability, and put forward a improved test model for Web controls’ vulnerability. Be aimed to test vulnerability of Web ActiveX controls combining static analysis and dynamic analysis, as well as put forward a proposal of optimizing th...

Data formats play a central role in information processing, exchange and storage. Security-related tasks such as the documentation of exploits or format-aware fuzzing of files depend on formalized data format knowledge. In this article, we present a model for describing arbitrary data format instances as well as arbitrary data formats as a whole. Using the Bitstream Segment Graph (BSG) model an...

As an essential component responsible for communication, network services are security-critical, and it is vital to find vulnerabilities in them. Fuzzing currently one of the most popular software vulnerability discovery techniques, widely adopted due its high efficiency low false positives. However, existing coverage-guided fuzzers mainly aim at stateless local applications, leaving stateful u...

Introduction: The standard way to check the quality of a compiler is manual testing. However, it does not allow cover vast diversity programs that can be written in target programming language. Today, addition tests there are many automated testing methods, among which fuzzing one most powerful and useful. A fuzzer tool generates random program language checks how works this Purpose: To develop...

Memory corruption vulnerabilities remain a prevalent threat on low-cost bare-metal devices. Fuzzing is popular technique for automatically discovering such vulnerabilities. However, devices lack even basic security mechanisms as Management Unit. Consequently, fuzzing approaches encounter silent memory corruptions with no visible effects, making discovery difficult. Once discovered, it also esse...

With a growing number of embedded devices that create, transform, and send data autonomously at its core, the Internet Things (IoT) is reality in different sectors, such as manufacturing, healthcare, or transportation. this expansion, IoT becoming more present critical environments, where security paramount. Infamous attacks, Mirai, have shown insecurity power IoT, well potential large-scale at...