Testing static analysis tools using exploitable buffer overflows from open source code.

Testing static analysis tools using exploitable buffer overflows from open source code.

Five modern static analysis tools (ARCHER, BOON, Poly-Space C Verifier, Splint, and UNO) were evaluated using source code examples containing 14 exploitable buffer overflow vulnerabilities found in various versions of Sendmail, BIND, and WU-FTPD. Each code example included a "BAD" case wit...

وصف كامل

التفاصيل البيبلوغرافية
الحاوية / القاعدة:Software engineering notes. 29, 6 (2004).
المؤلف الرئيسي: Zitser, Misha
التنسيق: مقال
اللغة:English
الموضوعات:
Software.
Software engineering.
Software / Program Verification.
Testing and debugging.
Computing milieux.
Computers and society.
Electronic commerce.
Measurement.
Performance.
Security.
Verification.
Buffer overflow.
Evaluation.
Exploit.
False alarm.
Source code.
Static analysis.
Test detection.