Abstract

We apply dynamic taint propagation to find input validation bugs using less effort than typical security testing. We monitor a target program as it executes in order to track untrusted user input. Our system works in conjunction with normal functional testing, so effort devoted to functional testing can be directly leveraged to uncover vulnerabilities. The result is that we achieve higher test coverage (and therefore find more bugs) than typical security testing techniques and make it practical for quality assurance organizations with no security experience to test the security of the software they examine.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Computed Tomography or Functional Stress Testing for the Prediction of Risk: Can I Have My Cake and Eat It?
David E Newby
Circulation | VOL. 136
David E NewbyDavid E Newby
28 Aug 2017
Prognostic Value of Noninvasive Cardiovascular Testing in Patients With Stable Chest Pain: Insights From the PROMISE Trial (Prospective Multicenter Imaging Study for Evaluation of Chest Pain).
Udo Hoffmann ... Matthew Budoff
Circulation | VOL. 135
Udo Hoffmann, et. al.Udo Hoffmann ... Matthew Budoff
13 Jun 2017
Using malware for software-defined networking–based smart home security management through a taint checking approach
Ping Wang ... Wun-Jie Chao
International Journal of Distributed Sensor Networks | VOL. 12
Ping Wang, et. al.Ping Wang ... Wun-Jie Chao
01 Aug 2016
Abstract 18053: Prognostic Value of Anatomic versus Functional Diagnostic Testing in Symptomatic Patients With Suspected CAD: The PROMISE Trial (PROspective Multicenter Imaging Study for Evaluation of Chest Pain)
Udo Hoffmann ... Michael H Picard
Circulation | VOL. 132
Udo Hoffmann, et. al.Udo Hoffmann ... Michael H Picard
10 Nov 2015
View more papers

More From: Information Security Technical Report

Paper Title
Journal
Date
Author
ARES 2012 special issue
-
Information Security Technical Report | VOL. 17
--
01 May 2013
Toward web-based information security knowledge sharing
Daniel Feledi ... Lukas Lechner
Information Security Technical Report | VOL. 17
Daniel Feledi, et. al.Daniel Feledi ... Lukas Lechner
01 May 2013
Bridging the gap between role mining and role engineering via migration guides
Anne Baumgrass ... Mark Strembeck
Information Security Technical Report | VOL. 17
Anne Baumgrass, et. al.Anne Baumgrass ... Mark Strembeck
21 Apr 2013
Analyses of two end-user software vulnerability exposure metrics (extended version)
Jason L Wright ... Lawrence Wellman
Information Security Technical Report | VOL. 17
Jason L Wright, et. al.Jason L Wright ... Lawrence Wellman
17 Apr 2013
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.