The Need for Fourth Generation Static Analysis Tools for Security – From Bugs to Flaws
ثبت نشده
چکیده
This paper discusses some of the limitations of the current (third) generation static code analyzers for security available on the market today and gives reasons for the plateau in their usefulness to a code reviewer. We further describe some of the characteristics of the next generation static analysis technology that will enable a new quantum leap in the space of static analysis with tools that are able to detect software security flaws, not merely implementation level bugs.
منابع مشابه
Static Security Constrained Generation Scheduling Using Sensitivity Characteristics of Neural Network
This paper proposes a novel approach for generation scheduling using sensitivitycharacteristic of a Security Analyzer Neural Network (SANN) for improving static securityof power system. In this paper, the potential overloading at the post contingency steadystateassociated with each line outage is proposed as a security index which is used forevaluation and enhancement of system static security....
متن کاملCross-boundary Security Analysis
The goal of the project was to develop new methods to discover security vulnerabilities and security exploits. The research involved static analysis, dynamic analysis, and symbolic execution of software at both the source-code and machine-code levels. An aspect that distinguished the approach taken in the project from previous work was the attempt to uncover security problems due to differences...
متن کاملStatic analysis of dynamic scripting languages
Scripting languages, such as PHP, are among the most widely used and fastest growing programming languages, particularly for web applications. Static analysis is an important tool for detecting security flaws, finding bugs, and improving compilation of programs. However, static analysis of scripting languages is difficult due to features found in languages such as PHP. These features include ru...
متن کاملFinding security bugs in web applications using domain-specific static analysis
This thesis proposes new techniques for finding and eliminating application-specific bugs in web applications. We demonstrate three approaches to finding these bugs, each representing one position in the compromise between specificity and automation. All three are powered by a scalable symbolic execution specifically tailored to the structure of web application implementations, allowing analysi...
متن کاملStatic detection of C++ vtable escape vulnerabilities in binary code
Static binary code analysis is a longstanding technique used to find security defects in deployed proprietary software. The complexities of binary code compiled from object-oriented source languages (e.g. C++) has limited the utility of binary analysis to basic applications using simpler coding constructs, so vulnerabilities in object-oriented code remain undetected. In this paper, we present v...
متن کامل