Software Vulnerability Discovery Techniques: A Survey

被引:71
作者
Liu, Bingchang [1 ]
Shi, Liang [1 ]
Cai, Zhuhua [1 ]
Li, Min [1 ]
机构
[1] Xiamen Univ, Software Sch, Xiamen, Peoples R China
来源
2012 FOURTH INTERNATIONAL CONFERENCE ON MULTIMEDIA INFORMATION NETWORKING AND SECURITY (MINES 2012) | 2012年
关键词
Vulnerability; Software static analysis; Fuzzing; Penetration testing; vulnerability discovery model;
D O I
10.1109/MINES.2012.202
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
Software vulnerabilities are the root cause of computer security problem. How people can quickly discover vulnerabilities existing in a certain software has always been the focus of information security field. This paper has done research on software vulnerability techniques, including static analysis, Fuzzing, penetration testing. Besides, the authors also take vulnerability discovery models as an example of software vulnerability analysis methods which go hand in hand with vulnerability discovery techniques. The ending part of the paper analyses the advantages and disadvantages of each technique introduced here and talks about the future direction of this field.
引用
收藏
页码:152 / 156
页数:5
相关论文
共 41 条
[1]  
Alhazmi OH, 2005, P 16 IEEE INT S SOFT
[2]  
Alhazmi Omar H., 2006, P IEEE REL MAINT S
[3]  
[Anonymous], 1990, IEEE STANDARD GLOSSA
[4]  
[Anonymous], 2002, Writing Secure Code
[5]  
[Anonymous], 200505 CERIAS PURD U
[6]  
[Anonymous], 2008, NETWORK DISTRIBUTED
[7]  
Arkin B., 2005, IEEE Security Privacy
[8]  
Bishop M., 1996, CSE9611 U CAL DAV DE
[9]  
Bishop Matt, 2007, IEEE SECURITY PRIVAC
[10]  
Boehm B. W., 1984, SOFTWARE ENG EC
12345