Software Vulnerability Discovery Techniques: A Survey

被引:64
作者
Liu, Bingchang [1 ]
Shi, Liang [1 ]
Cai, Zhuhua [1 ]
Li, Min [1 ]
机构
[1] Xiamen Univ, Software Sch, Xiamen, Peoples R China
来源
2012 FOURTH INTERNATIONAL CONFERENCE ON MULTIMEDIA INFORMATION NETWORKING AND SECURITY (MINES 2012) | 2012年
关键词
Vulnerability; Software static analysis; Fuzzing; Penetration testing; vulnerability discovery model;
D O I
10.1109/MINES.2012.202
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
Software vulnerabilities are the root cause of computer security problem. How people can quickly discover vulnerabilities existing in a certain software has always been the focus of information security field. This paper has done research on software vulnerability techniques, including static analysis, Fuzzing, penetration testing. Besides, the authors also take vulnerability discovery models as an example of software vulnerability analysis methods which go hand in hand with vulnerability discovery techniques. The ending part of the paper analyses the advantages and disadvantages of each technique introduced here and talks about the future direction of this field.
引用
收藏
页码:152 / 156
页数:5
相关论文
共 41 条
  • [31] Ozment A., 2006, QUALITY PROTECTION S
  • [32] Ozment A., 2007, Vulnerability Discovery Software Security
  • [33] PISTOIA M, 2005, P 9 EUR C OBJ OR PRO
  • [34] Pistoia M., 2007, IBM SYSTEMS J, V46
  • [35] PISTOIA M, 2005, THESIS POLYTECHNIC U
  • [36] Pistoia M., 2007, P INT C SOFTW ENG MI
  • [37] Rescorla E, 2005, IEEE SECURITY PRIVAC
  • [38] Shirey R., 2002, RFC2828 RETF
  • [39] Sutton Michael, 2007, Fuzzing: Brute Force Vulnerability Discovery
  • [40] THOMPSON HERBERT H., 2005, IEEE SECURITY PRIVAC
12345