Software Vulnerability Discovery Techniques: A Survey

被引：71

作者：

Liu, Bingchang ^{[1
]}

Shi, Liang ^{[1
]}

Cai, Zhuhua ^{[1
]}

Li, Min ^{[1
]}

机构：

[1] Xiamen Univ, Software Sch, Xiamen, Peoples R China

来源：

2012 FOURTH INTERNATIONAL CONFERENCE ON MULTIMEDIA INFORMATION NETWORKING AND SECURITY (MINES 2012) | 2012年

关键词：

Vulnerability; Software static analysis; Fuzzing; Penetration testing; vulnerability discovery model;

D O I：

10.1109/MINES.2012.202

中图分类号：

TP301 [理论、方法];

学科分类号：

081202 ;

摘要：

Software vulnerabilities are the root cause of computer security problem. How people can quickly discover vulnerabilities existing in a certain software has always been the focus of information security field. This paper has done research on software vulnerability techniques, including static analysis, Fuzzing, penetration testing. Besides, the authors also take vulnerability discovery models as an example of software vulnerability analysis methods which go hand in hand with vulnerability discovery techniques. The ending part of the paper analyses the advantages and disadvantages of each technique introduced here and talks about the future direction of this field.

引用

页码：152 / 156

页数：5

共 41 条

[31]

Ozment A., 2006, QUALITY PROTECTION S

[32]

Ozment A., 2007, Vulnerability Discovery Software Security

[33]

PISTOIA M, 2005, P 9 EUR C OBJ OR PRO

[34]

Pistoia M., 2007, IBM SYSTEMS J, V46

[35]

PISTOIA M, 2005, THESIS POLYTECHNIC U

[36]

Pistoia M., 2007, P INT C SOFTW ENG MI

[37]

Rescorla E, 2005, IEEE SECURITY PRIVAC

[38]

Shirey R., 2002, RFC2828 RETF

[39]

Sutton Michael, 2007, Fuzzing: Brute Force Vulnerability Discovery

[40]

THOMPSON HERBERT H., 2005, IEEE SECURITY PRIVAC

← 1 2 3 4 5 →