A secure-coding and vulnerability check system based on smart-fuzzing and exploit

Kang, Jieun; Park, Jong Hyuk

doi:10.1016/j.neucom.2015.11.139

Cited by 14 publications

(9 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are some different approached for safe coding which are distrust user input, input validation and magic switches and some tools to perform automatic source code analysis Rats, Flawfinder and ITS4. From the existing studies we conclude that Agrawal, A et al [41], Kang and Park [38], Zhu et al [37] useful approaches in secure programming. The methods of secure programming is summarized year wise shows in the Fig.…”

Section: ) Discussionmentioning

confidence: 86%

“…They have employed an interactive tool for prototype static investigation similarly as a module for Java in Eclipse. Kang and Park [38] suggested a smart fumigation system made in connection with the black box and white box test that could effectively detect/distinguish software weaknesses.…”

Section: A Secure Programmingmentioning

confidence: 99%

“…The benefit of this process is that the input value can be easily predicted and a test scenario can be made. However, the white box test requires experienced skills and it is not possible to guarantee that the test specifications are met [38]. The method proposed by Jovanovic et al [42] is suggested pixy tool.…”

Section: ) White Box Testingmentioning

confidence: 99%

See 2 more Smart Citations

A Survey on Detection and Prevention of Web Vulnerabilities

Noman¹,

Iqbal²,

Manzoor³

2020

IJACSA

View full text Add to dashboard Cite

The Internet provides a vast range of benefits to society and empowers the users in a variety of ways to use web applications. Simply, the internet has become the most transformative and fast-growing technology ever built, but it also brings new security challenges to web services in internet applications because of the scattered and open nature of the internet. A simple vulnerability in the program code could favor/benefit an attacker to obtain unauthorized access and perform adversary actions. Hence, the security of web applications from a hacking attempt is of paramount importance. This paper focuses on a literature survey recapitulating security solutions and major vulnerabilities to promote further research by systemizing the existing methods, on a bigger horizon. The data is collected from an absolute of 86 primary studies that are taken from well-known digital libraries. Different methods comprising secure programming, static, Dynamic, Hybrid analysis, and machine learning classify the data from articles. The quantity of references or the significance of a developing strategy is kept in account while selecting articles. Overall, our survey suggests that there is no way to alleviate all the web vulnerabilities therefore more studies is desirable in the area of web information security. All methods' complexity is addressed and some recommendations regarding when to use the application of given methods are provided. Finally, we typify the experience gained and examine future research openings in web application security.

show abstract

Section: ) Discussionmentioning

confidence: 86%

Section: A Secure Programmingmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Detection and Prevention of Web Vulnerabilities

Noman¹,

Iqbal²,

Manzoor³

2020

IJACSA

View full text Add to dashboard Cite

show abstract

“…The first fuzz testing tool was developed by Miller et al [2] for testing the reliability of UNIX tools. It has been proven useful and successful for discovering vulnerabilities in software which may not be found by other techniques [13], [14]. There are no accepted guidelines in the literature for the fuzz testing technique.…”

Section: Related Workmentioning

confidence: 99%

Discovering Software Vulnerabilities Based on Fuzz Testing

Chung¹

2019

JCP

View full text Add to dashboard Cite

In the era of the Internet, information security issues are of paramount importance. Software packages invariably have security vulnerabilities. If exploited by malicious hackers, vulnerabilities can cause substantial losses to software corporations and end users. Due to the increase in Advanced Persistent Threat (APT) attacks, vulnerabilities have to be discovered as rapidly as possible. This research focuses on Microsoft Office Word software and proposes the fuzzing vulnerability digging model. In the field of fuzz testing, the traditional approaches consume considerable time and system resources without analyzing file formats. Therefore, the fuzzing vulnerability digging model proposed in this research examines the file format to identify any possible weaknesses. According to the experiments, our proposed model outperforms two benchmarking models, i.e. the FileFuzz tester and MiniFuzz tester, for a fixed period of time. Finally, we present an example which imitates a Shellcode attack carried out via the weaknesses discovered by the proposed model. According to the comparison results, the proposed model has the potential to identify weaknesses in MS Office Word software more effectively and efficiently.

show abstract

“…Some of the most relevant security breaches are those related to malicious code within files [6], or even software code bugs. The use of open source software forces us to face various problems based on the weaknesses of open source, such as the weakness of Heartbleed ‘OpenSSL’ [7]. In the healthcare sector, special attention is dedicated to data security [8], and therefore more security checks are recommended if we use open source software [9, 10].…”

Section: Introductionmentioning

confidence: 99%

Assessing source code vulnerabilities in a cloud‐based system for health systems: OpenNCP

2019

View full text Add to dashboard Cite

Healthcare systems have been improved in order to provide support to cross-border situations where one citizen from one country travels to another country and requires the use of their health records. Several initiatives have been carried out to tackle this problem. This is the case for the OpenNCP which is supported by the European Commission by providing a common network and an infrastructure to connect different national healthcare systems which most of the times are cloud-based systems. The OpenNCP plays a key role in communicating health records among European Union's member states, and therefore it manages sensitive information. Therefore, this study provides a security analysis of this platform and a prototype is developed for identifying secure patterns in source code.

show abstract

A secure-coding and vulnerability check system based on smart-fuzzing and exploit

Cited by 14 publications

References 3 publications

A Survey on Detection and Prevention of Web Vulnerabilities

A Survey on Detection and Prevention of Web Vulnerabilities

Discovering Software Vulnerabilities Based on Fuzz Testing

Assessing source code vulnerabilities in a cloud‐based system for health systems: OpenNCP

Contact Info

Product

Resources

About