Vulnerability discovery is a foundational technology in information system development, product testing, and counterinformation. It has become a hot spot of global security research. Many kinds of vulnerability discovery methods exist, and many vulnerabilities are found each year, yet the overall framework of vulnerability discovery has been overlooked by researchers. By analyzing the characteristics of the targets of vulnerability discovery, studying the technical process of discovery, and uncovering the potential connections among the different discovery methods, we first present an architecture of vulnerability discovery technologies divided into five layers, namely the base layer, abstraction layer, discovery layer, analysis layer, and exploitation layer, and explain in detail the content, role, and key supporting technologies of each layer. Finally, the paper gives an outlook and directions for future work.