Application security code analysis: a step towards software assurance

Authors: Sanjay Rawat, Ashutosh Saxena

DOI: 10.1504/IJICS.2009.026622

Keywords:

Abstract: The last few years have witnessed a rapid growth in cyber attacks, with new vulnerabilities being discovered daily in computer applications. Various security-related technologies, e.g., anti-virus programs, Intrusion Detection Systems (IDSs)/Intrusion Prevention Systems (IPSs), firewalls, etc., are deployed to minimise the number of attacks and the losses incurred. However, such technologies are not enough to completely eliminate attacks; they can only reduce them to some extent. Therefore, software assurance is becoming a priority and an important characteristic of the software development life cycle. Application security code analysis is gaining importance, as it can help in writing safe code during the development phase by detecting bugs that may lead to vulnerabilities. As a result, tremendous research on code analysis has been carried out in industry and academia, and there exist many commercial and open source tools and approaches for this purpose. These have their own pros and cons. The main objective of this article is to explore the state-of-the-art of the major techniques, which may benefit not only security professionals, but also novice Information Technology (IT) professionals. We study the techniques under four basic types (Static Source Code (SSC), Static Binary Code (SBC), Dynamic Source Code (DSC) and Dynamic Binary Code (DBC) analysis) and briefly discuss
