scholarly journals On narrowing the gap between verification and systematic testing

2017 ◽  
Vol 59 (4) ◽  
Author(s):  
Maria Christakis
Keyword(s):  
Static Analysis ◽  
Test Generation ◽  
Source Code ◽  
Systematic Testing ◽  
Complex Image ◽  
Dynamic Techniques ◽  
Code Annotations

AbstractOur work on narrowing the gap between verification and systematic testing has two directions: (1) complementing verification with systematic testing, and (2) pushing systematic testing toward reaching verification. In the first direction, we explore how to effectively combine static analysis with systematic testing, so as to guide test generation toward properties that have not been previously checked by a static analyzer in a sound way. This combination significantly reduces the test effort while checking more unverified properties. In the second direction, we push systematic testing toward checking as many executions as possible of a real and complex image parser, so as to prove the absence of a certain class of errors. This verification attempt required no static analysis or source code annotations; our purely dynamic techniques targeted the verification of the parser implementation, including complicated assembly patterns that most static analyses cannot handle.

Is Static Analysis Able to Identify Unnecessary Source Code?

2020 ◽  
Vol 29 (1) ◽  
pp. 1-23
Author(s):  
Roman Haas ◽  
Rainer Niedermayr ◽  
Tobias Roehm ◽  
Sven Apel
Keyword(s):  
Static Analysis ◽  
Source Code

scholarly journals Means of integrating static source security analysis technology into the software development environment

2020 ◽  
Author(s):  
N. V. Goryuk ◽  
Keyword(s):  
Software Development ◽  
Static Analysis ◽  
Software Security ◽  
Source Code ◽  
Security Analysis ◽  
Development Environment ◽  
Static Source ◽  
Software Development Environment ◽  
Further Development ◽  
Code Development

The article investigates automation methods and means of integration of static source security analysis technology. The process of software security analysis, which is implemented by the technology of static analysis of the source code, is studied, and the methods of solving the problem of automation and integration of the technology into the source code development environment are offered. The perspective direction of further development of the technology of static analysis of the source code is established.

scholarly journals Evaluation of SQL Injection Vulnerability Detection Tools

2019 ◽  
Vol 9 (1) ◽  
pp. 1747-1751
Keyword(s):  
Static Analysis ◽  
Web Applications ◽  
Source Code ◽  
False Negative ◽  
Vulnerability Detection ◽  
Sql Injection ◽  
User Input ◽  
Root Cause ◽  
Analysis Tools ◽  
Free Open Source

SQL injection vulnerabilities have been predominant on database-driven web applications since almost one decade. Exploiting such vulnerabilities enables attackers to gain unauthorized access to the back-end databases by altering the original SQL statements through manipulating user input. Testing web applications for identifying SQL injection vulnerabilities before deployment is essential to get rid of them. However, checking such vulnerabilities by hand is very tedious, difficult, and time-consuming. Web vulnerability static analysis tools are software tools for automatically identifying the root cause of SQL injection vulnerabilities in web applications source code. In this paper, we test and evaluate three free/open source static analysis tools using eight web applications with numerous known vulnerabilities, primarily for false negative rates. The evaluation results were compared and analysed, and they indicate a need to improve the tools.

CODE-CHANGE IMPACT ANALYSIS USING COUNTERFACTUALS: THEORY AND IMPLEMENTATION

2013 ◽  
Vol 23 (10) ◽  
pp. 1459-1486
Author(s):  
MANUEL PERALTA ◽  
SUPRATIK MUKHOPADHYAY
Keyword(s):  
Static Analysis ◽  
Theorem Proving ◽  
Program Analysis ◽  
Impact Analysis ◽  
Source Code ◽  
Analysis Framework ◽  
Change Impact Analysis ◽  
Code Change ◽  
Change Impact ◽  
Automated Tool

This article shows a novel program analysis framework based on Lewis' theory of counterfactuals. Using this framework we are capable of performing change-impact static analysis on a program's source code. In other words, we are able to prove the properties induced by changes to a given program before applying these changes. Our contribution is two-fold; we show how to use Lewis' logic of counterfactuals to prove that proposed changes to a program preserve its correctness. We report the development of an automated tool based on resolution and theorem proving for performing code change-impact analysis.

scholarly journals Static analysis of software source code based on the Fortify Static Code Analyzer solution

2021 ◽  
Vol 46 (2) ◽  
Author(s):  
N. V. Goryuk ◽  
◽  
I. M. Lavrovsky
Keyword(s):  
Life Cycle ◽  
Software Development ◽  
Static Analysis ◽  
Source Code ◽  
Security Analysis ◽  
Software Life Cycle ◽  
Static Source

The article analyzes the problem of identifying source code vulnerabilities in the context of software development. An analysis of existing technologies for detecting vulnerabilities in the source code. Methods and means of protection of detection of source code vulnerabilities on the basis of the Fortify Static Code Analyzer solution are investigated. The purpose, main functions and architecture of the Fortify Static Code Analyzer solution are defined. Based on the research conducted in the work, a variant of the process of static analysis of the security of the source code in the context of the software life cycle was developed. Recommendations for the use of static source security analysis technology have been developed.

Assessing the User-Perceived Quality of Source Code Components Using Static Analysis Metrics

2018 ◽  
pp. 3-27 ◽  
Author(s):  
Valasia Dimaridou ◽  
Alexandros-Charalampos Kyprianidis ◽  
Michail Papamichail ◽  
Themistoklis Diamantopoulos ◽  
Andreas Symeonidis
Keyword(s):  
Static Analysis ◽  
Source Code ◽  
Perceived Quality
Sign in / Sign up

Export Citation Format

Share Document