Software Vulnerability Discovery Techniques: A Survey
Zhuhua Cai | Liang Shi | Min Li | Bingchang Liu
[1] Fabio Massacci,et al. An Idea of an Independent Validation of Vulnerability Discovery Models , 2012, ESSoS.
[2] Gregor Snelting,et al. Information flow control for Java based on path conditions in dependence graphs , 2006 .
[3] Barry W. Boehm,et al. Software Engineering Economics , 1993, IEEE Transactions on Software Engineering.
[4] Leon J. Osterweil,et al. Integrating the testing, analysis and debugging of programs , 1984 .
[5] Pedram Amini,et al. Fuzzing: Brute Force Vulnerability Discovery , 2007 .
[6] Alessandro Orso,et al. Penetration Testing with Improved Input Vector Identification , 2009, 2009 International Conference on Software Testing Verification and Validation.
[7] Alessandro Piva,et al. Cryptography and Data Hiding for Media Security , 2008 .
[8] Thomas A. Henzinger,et al. Software Verification with BLAST , 2003, SPIN.
[9] Andy Ozment,et al. Software Security Growth Modeling: Examining Vulnerabilities with Reliability Growth Models , 2006, Quality of Protection.
[10] Y.K. Malaiya,et al. Prediction capabilities of vulnerability discovery models , 2006, RAMS '06. Annual Reliability and Maintainability Symposium, 2006.
[11] Barton P. Miller,et al. An empirical study of the reliability of UNIX utilities , 1990, Commun. ACM.
[12] Michael D. Ernst. Static and dynamic analysis: synergy and duality , 2003 .
[13] Matt Bishop,et al. About Penetration Testing , 2007, IEEE Security & Privacy.
[14] Nikolai Tillmann,et al. Automating Software Testing Using Program Analysis , 2008, IEEE Software.
[15] Peter Oehlert,et al. Violating Assumptions with Fuzzing , 2005, IEEE Secur. Priv..
[16] Herbert H. Thompson. Application Penetration Testing , 2005, IEEE Secur. Priv..
[17] Mattia Monga,et al. A Smart Fuzzer for x86 Executables , 2007, Third International Workshop on Software Engineering for Secure Systems (SESS'07: ICSE Workshops 2007).
[18] Sorin Lerner,et al. ESP: path-sensitive program verification in polynomial time , 2002, PLDI '02.
[19] J. Meseguer,et al. Security Policies and Security Models , 1982, 1982 IEEE Symposium on Security and Privacy.
[20] Julien Signoles,et al. Experience report: OCaml for an industrial-strength static analysis framework , 2009, ICFP.
[21] James Andrew Ozment,et al. Vulnerability discovery & software security , 2007 .
[22] Koushik Sen. DART: Directed Automated Random Testing , 2009, Haifa Verification Conference.
[23] Marco Pistoia,et al. Interprocedural Analysis for Privileged Code Placement and Tainted Variable Detection , 2005, ECOOP.
[24] Daniel Geer,et al. Penetration testing: a duet , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..
[25] Eran Yahav,et al. When Role Models Have Flaws: Static Validation of Enterprise Security Policies , 2007, 29th International Conference on Software Engineering (ICSE'07).
[26] Robert W. Shirey,et al. Internet Security Glossary , 2000, RFC.
[27] Standard Glossary of Software Engineering Terminology , 1990 .
[28] Yashwant K. Malaiya,et al. Modeling the vulnerability discovery process , 2005, 16th IEEE International Symposium on Software Reliability Engineering (ISSRE'05).
[29] Yashwant K. Malaiya,et al. Modeling vulnerability discovery process in Apache and IIS HTTP servers , 2011, Comput. Secur..
[30] Eugene H. Spafford,et al. A Trend Analysis of Vulnerabilities , 2005 .
[31] Dawson R. Engler,et al. EXE: Automatically Generating Inputs of Death , 2008, TSEC.
[32] Sorin Lerner. Path-Sensitive Program Verification in Polynomial Time , 2002 .
[33] Gary McGraw,et al. Software Penetration Testing , 2005, IEEE Secur. Priv..
[34] Adam Kiezun,et al. Grammar-based whitebox fuzzing , 2008, PLDI '08.
[35] Eran Yahav,et al. A survey of static analysis methods for identifying security vulnerabilities in software systems , 2007, IBM Syst. J..
[36] Matt Bishop,et al. A Critical Analysis of Vulnerability Taxonomies , 1996 .
[37] Eric Rescorla,et al. Is finding security holes a good idea? , 2005, IEEE Security & Privacy.
[38] Marco Pistoia,et al. A unified mathematical model for stack- and role-based authorization systems , 2005 .
[39] Patrice Godefroid,et al. Automated Whitebox Fuzz Testing , 2008, NDSS.
[40] Gary McGraw,et al. Static Analysis for Security , 2004, IEEE Secur. Priv..