This paper presents a technique for vulnerability detection in C programs. It is based on a formal vulnerability model called "Vulnerability Detection Conditions" (VDCs). This model is used together with passive testing techniques for the automatic detection of vulnerabilities. The proposed technique has been implemented in a dynamic code analysis tool, TestInv-Code, which detects the presence of vulnerabilities in a given piece of code by dynamically checking the VDCs on the execution traces of the given program. The tool has been applied to several C applications containing some well-known vulnerabilities to illustrate its effectiveness. It has also been compared with existing tools on the market, showing promising performance. © 2011 IFIP International Federation for Information Processing.
CITATION STYLE
Mammar, A., Cavalli, A., Jimenez, W., Mallouli, W., & De Oca, E. M. (2011). Using testing techniques for vulnerability detection in C programs. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7019 LNCS, pp. 80–96). Springer Verlag. https://doi.org/10.1007/978-3-642-24580-0_7