Software testing techniques (2nd ed.)
Software testing techniques (2nd ed.)
Extending Typestate Checking Using Conditional Liveness Analysis
IEEE Transactions on Software Engineering
Securing web application code by static analysis and runtime protection
Proceedings of the 13th international conference on World Wide Web
Evolutionary testing of classes
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
A Software Implementation of a Genetic Algorithm Based Approach to Network Intrusion Detection
SNPD-SAWN '05 Proceedings of the Sixth International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing and First ACIS International Workshop on Self-Assembling Wireless Networks
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Finding security vulnerabilities in java applications with static analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Detecting buffer overflow via automatic test input data generation
Computers and Operations Research
Static detection of cross-site scripting vulnerabilities
Proceedings of the 30th international conference on Software engineering
Dynamic test input generation for web applications
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Secure programming with static analysis
Secure programming with static analysis
Efficient and extensible security enforcement using dynamic data flow analysis
Proceedings of the 15th ACM conference on Computer and communications security
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
The 6th International Workshop on Software Engineering for Secure Systems (SESS'10)
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 2
A systematic mapping study on the combination of static and dynamic quality assurance techniques
Information and Software Technology
Security testing of web applications: a research plan
Proceedings of the 34th International Conference on Software Engineering
| Hi-index | 0.00 |
Cross site scripting is considered the major threat to the security of web applications. Removing vulnerabilities from existing web applications is a manual expensive task that would benefit from some level of automatic assistance. Static analysis represents a valuable support for security review, by suggesting candidate vulnerable points to be checked manually. However, potential benefits are quite limited when too many false positives, safe portions of code classified as vulnerable, are reported. In this paper, we present a preliminary investigation on the integration of static analysis with genetic algorithms. We show that this approach can suggest candidate false positives reported by static analysis and provide input vectors that expose actual vulnerabilities, to be used as test cases in security testing.