A Software Engineering Approach for Vulnerability Analysis

Due to the increasing dependency on networked computer system, it is important to make a network reliable and dependent. This is even more relevant as new threats of attack are constantly being revealed, compromising the security of systems. This paper addresses this problem by presenting an attack injection methodology for the automatic discovery of vulnerabilities in software components. The proposed methodology, implemented in XDoS & TCP/IP, follows an approach similar to hackers and security analysts to discover vulnerabilities in network-connected servers. To assess the usefulness of this approach, several attack injections are made in POP and IMAP servers. XDetector uses a specification of the server’s communication protocol. Then, while it injects these attacks through the network, it monitors the execution of the server in the target system and the responses returned to the clients. If any abnormality is detected, then the corresponding client’s connection is terminated by the XDetector to prevent any damage to the server and the faulty client can be made secure using traditional debugging tools. KeywordsSoftware Engineering, Attack Injection, Testing and Debugging, XDoS, POP & IMAP.