Author(s):  
Huning Dai ◽  
Christian Murphy ◽  
Gail E. Kaiser

Many software security vulnerabilities only reveal themselves under certain conditions, that is, particular configurations and inputs together with a certain runtime environment. One approach to detecting these vulnerabilities is fuzz testing. However, typical fuzz testing makes no guarantees regarding the syntactic and semantic validity of the input, or of how much of the input space will be explored. To address these problems, the authors present a new testing methodology called Configuration Fuzzing. Configuration Fuzzing is a technique whereby the configuration of the running application is mutated at certain execution points to check for vulnerabilities that only arise in certain conditions. As the application runs in the deployment environment, this testing technique continuously fuzzes the configuration and checks “security invariants” that, if violated, indicate a vulnerability. This paper discusses the approach and introduces a prototype framework called ConFu (CONfiguration FUzzing testing framework) for implementation. Additionally, the results of case studies that demonstrate the approach’s feasibility are presented along with performance evaluations.


2016 ◽  
Vol 7 (4) ◽  
pp. 1-18 ◽  
Author(s):  
Hossain Shahriar ◽  
Hisham M. Haddad ◽  
David Lebron ◽  
Rubana Lupu

Massive Open Online Courses (MOOCs) are commonly hosted as web servers for learners worldwide to access education and learning materials at low cost. Many of the well-known MOOCs have adopted open source software and database technologies and frequently operate within cloud environments. It is likely that well-known software security vulnerabilities may manifest in MOOC-based applications. Unfortunately, few studies have identified a set of common vulnerabilities applicable to MOOC-based applications. This paper presents an exploratory study of potential security vulnerabilities and challenges for MOOC platforms, and it provides some guidelines and suggestions to mitigate these concerns. This study helps practitioners (educators and developers) to adopt MOOC applications while considering potential vulnerabilities and to be prepared to deal with these risks.


Author(s):  
Aamir Shahab ◽  
Muhammad Nadeem ◽  
Mamdouh Alenezi ◽  
Raja Asif

Buffer overflows are one of the most common software vulnerabilities; they occur when more data is inserted into a buffer than it can hold. Various manual and automated techniques for detecting and fixing specific types of buffer overflow vulnerability have been proposed, but a solution to fix Unicode buffer overflows has not been proposed yet. Public security vulnerability repositories, e.g., Common Weakness Enumeration (CWE), hold useful articles about software security vulnerabilities. Mitigation strategies listed in CWE may be useful for fixing the specified software security vulnerabilities. This research contributes by developing a prototype that automatically fixes different types of buffer overflows by using the strategies suggested in CWE articles and existing research. A static analysis tool has been used to evaluate the performance of the developed prototype tools. The results suggest that the proposed approach can automatically fix buffer overflows without inducing errors.


2014 ◽  
Vol 635-637 ◽  
pp. 1609-1613 ◽  
Author(s):  
Tong Li ◽  
Xuan Huang ◽  
Rui Huang

Nowadays, fuzzing is one of the most effective ways to identify software security vulnerabilities, especially when we want to discover vulnerabilities related to documents. Based on the principles and ideas of fuzzing, a vulnerability discovery system named WFuzzer is developed. This system can overcome the disadvantages of older approaches; it also effectively improves the detection of potential unknown security vulnerabilities. This system is more automated and performs better in finding new security vulnerabilities.

