Test-Driving Static Analysis Tools in Search of C Code Vulnerabilities II

Leveraging Applications of Formal Methods, Verification and Validation. Specialized Techniques and Applications - Lecture Notes in Computer Science ◽

10.1007/978-3-662-45231-8_39 ◽

2014 ◽

pp. 486-488 ◽

Cited By ~ 2

Author(s):

George Chatzieleftheriou ◽

Apostolos Chatzopoulos ◽

Panagiotis Katsaros

Keyword(s):

Static Analysis ◽

Analysis Tools

Hypervisor-assisted dynamic malware analysis

Cybersecurity ◽

10.1186/s42400-021-00083-9 ◽

2021 ◽

Vol 4 (1) ◽

Author(s):

Roee S. Leon ◽

Michael Kiperberg ◽

Anat Anatey Leon Zabag ◽

Nezer Jacob Zaidenberg

Keyword(s):

Dynamic Analysis ◽

Static Analysis ◽

Cyber Security ◽

Malware Analysis ◽

Analysis Tools ◽

Significant Performance

AbstractMalware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system’s efficiency suggests that the induced performance overhead is negligible.

Security Notifications in Static Analysis Tools: Developers’ Attitudes, Comprehension, and Ability to Act on Them

Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems ◽

10.1145/3411764.3445616 ◽

2021 ◽

Author(s):

Mohammad Tahaei ◽

Kami Vaniea ◽

Konstantin (Kosta) Beznosov ◽

Maria K Wolters

Keyword(s):

Static Analysis ◽

Analysis Tools ◽

Ability To Act

Static analysis tools for security checking in code at Motorola

ACM SIGAda Ada Letters ◽

10.1145/1387830.1387833 ◽

2008 ◽

Vol XXVIII (1) ◽

pp. 76-82 ◽

Cited By ~ 4

Author(s):

R Krishnan ◽

Margaret Nadworny ◽

Nishil Bharill

Keyword(s):

Static Analysis ◽

Analysis Tools

Using static analysis tools to assist student project evaluation

Proceedings of the 2nd ACM SIGSOFT International Workshop on Education through Advanced Software Engineering and Artificial Intelligence ◽

10.1145/3412453.3423195 ◽

2020 ◽

Author(s):

Arthur-Jozsef Molnar ◽

Simona Motogna ◽

Cristina Vlad

Keyword(s):

Static Analysis ◽

Project Evaluation ◽

Analysis Tools

Why don't software developers use static analysis tools to find bugs?

2013 35th International Conference on Software Engineering (ICSE) ◽

10.1109/icse.2013.6606613 ◽

2013 ◽

Cited By ~ 154

Author(s):

Brittany Johnson ◽

Yoonki Song ◽

Emerson Murphy-Hill ◽

Robert Bowdidge

Keyword(s):

Static Analysis ◽

Software Developers ◽

Analysis Tools

An empirical study on combining diverse static analysis tools for web security vulnerabilities based on development scenarios

Computing ◽

10.1007/s00607-018-0664-z ◽

2018 ◽

Vol 101 (2) ◽

pp. 161-185 ◽

Cited By ~ 4

Author(s):

Paulo Nunes ◽

Ibéria Medeiros ◽

José Fonseca ◽

Nuno Neves ◽

Miguel Correia ◽

...

Keyword(s):

Empirical Study ◽

Static Analysis ◽

Web Security ◽

Security Vulnerabilities ◽

Development Scenarios ◽

Analysis Tools

Evaluation of SQL Injection Vulnerability Detection Tools

International Journal of Engineering and Advanced Technology - Regular Issue ◽

10.35940/ijeat.a2648.109119 ◽

2019 ◽

Vol 9 (1) ◽

pp. 1747-1751

Keyword(s):

Static Analysis ◽

Web Applications ◽

Source Code ◽

False Negative ◽

Vulnerability Detection ◽

Sql Injection ◽

User Input ◽

Root Cause ◽

Analysis Tools ◽

Free Open Source

SQL injection vulnerabilities have been predominant on database-driven web applications since almost one decade. Exploiting such vulnerabilities enables attackers to gain unauthorized access to the back-end databases by altering the original SQL statements through manipulating user input. Testing web applications for identifying SQL injection vulnerabilities before deployment is essential to get rid of them. However, checking such vulnerabilities by hand is very tedious, difficult, and time-consuming. Web vulnerability static analysis tools are software tools for automatically identifying the root cause of SQL injection vulnerabilities in web applications source code. In this paper, we test and evaluate three free/open source static analysis tools using eight web applications with numerous known vulnerabilities, primarily for false negative rates. The evaluation results were compared and analysed, and they indicate a need to improve the tools.

Learning a Classifier for Prediction of Maintainability Based on Static Analysis Tools

2019 IEEE/ACM 27th International Conference on Program Comprehension (ICPC) ◽

10.1109/icpc.2019.00043 ◽

2019 ◽

Cited By ~ 3

Author(s):

Markus Schnappinger ◽

Mohd Hafeez Osman ◽

Alexander Pretschner ◽

Arnaud Fietzke

Keyword(s):

Static Analysis ◽

Analysis Tools

Effects of Automated Static Analysis Tools: A Multidimensional View on Quality Evolution

2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion) ◽

10.1109/icse-companion.2019.00075 ◽

2019 ◽

Cited By ~ 1

Author(s):

Alexander Trautsch

Keyword(s):

Static Analysis ◽

Analysis Tools

A Novel Memory Leak Classification for Evaluating the Applicability of Static Analysis Tools

2018 IEEE International Conference on Progress in Informatics and Computing (PIC) ◽

10.1109/pic.2018.8706142 ◽

2018 ◽

Author(s):

Sen Zhang ◽

Jingwen Zhu ◽

Ao Liu ◽

Weijing Wang ◽

Chenkai Guo ◽

...

Keyword(s):

Static Analysis ◽

Memory Leak ◽

Analysis Tools