Mitigating and Monitoring Program Security Vulnerabilities
نویسنده
چکیده
Today's programs are implemented in a variety of languages and contain serious vulnerabilities which can be exploited to cause security breaches. These vulnerabilities have been exploited in real life and resulted in damages to related stakeholders such as program users. As most vulnerabilities belong to program code, many techniques have been applied to mitigate vulnerabilities before and after program deployment. Unfortunately, there is no comprehensive comparative analysis of different vulnerability mitigation works. As a result, there exists an obscure mapping between the techniques, the addressed vulnerabilities, and the limitations of different approaches. This paper attempts to address these issues. The paper extensively compares and contrasts the existing program security vulnerability mitigation (testing, static analysis, and hybrid analysis) and monitoring techniques. We also discuss other techniques employed to mitigate the most common program security vulnerabilities: secure programming, patching, and program transformation. The survey provides a comprehensive understanding of the current program vulnerability mitigation approaches and challenges as well as their key characteristics and limitations. Moreover, our discussion highlights the open issues and future research directions in the area of program security vulnerability mitigation and monitoring.
منابع مشابه
Statically Detecting Likely Buffer Overflow Vulnerabilities
Buffer overflow attacks may be today’s single most important security threat. This paper presents a new approach to mitigating buffer overflow vulnerabilities by detecting likely vulnerabilities through an analysis of the program source code. Our approach exploits information provided in semantic comments and uses lightweight and efficient static analyses. This paper describes an implementation...
متن کاملMonitoring Buffer Overflow Attacks: A Perennial Task
Buffer overflow (BOF) is a well-known, and one of the worst and oldest, vulnerabilities in programs. BOF attacks overwrite data buffers and introduce wide ranges of attacks like execution of arbitrary injected code. Many approaches are applied to mitigate buffer overflow vulnerabilities; however, mitigating BOF vulnerabilities is a perennial task as these vulnerabilities elude the mitigation ef...
متن کاملDetection and Mitigation of Web Application Vulnerabilities Based on Security Testing
The paper proposes a security testing technique to detect known vulnerabilities of web applications using both static and dynamic analysis. We also present a process to improve the security of web applications by mitigating many of the vulnerabilities revealed in the testing phase, and address a new method for detecting unknown vulnerabilities by applying dynamic black-box testing based on a fu...
متن کاملPredicting Unknown Vulnerabilities using Software Metrics and Maturity Models
We face an increasing reliance on software-based services, applications, platforms, and infrastructures to accomplish daily activities. It is possible to introduce vulnerabilities during any software life cycle and these vulnerabilities could lead to security attacks. It is known that as the software complexity increases, discovering a new security vulnerability introduced by subsequent updates...
متن کامل