• McEliece

  • Referenced in 228 articles [sw02076]
  • Practical power analysis attacks on software implementations of McEliece. The McEliece public-key cryptosystem ... their vulnerability and robustness against physical attacks, e.g., state-of-the-art power analysis attacks...
  • Saner

  • Referenced in 9 articles [sw37817]
  • Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications. Web applications ... skills, and, as a result, they contain vulnerabilities. Most of these vulnerabilities stem from ... their use. Past research on vulnerability analysis has mostly focused on identifying cases in which ... routine to potentially malicious input, the vulnerability analysis assumes that the result is innocuous. Unfortunately...
  • MulVAL

  • Referenced in 8 articles [sw17743]
  • among multiple network elements. For a vulnerability analysis tool to be useful in practice ... used in the analysis must be able to automatically integrate formal vulnerability specifications from ... reporting community. Second, the analysis must be able to scale to networks with thousands ... reasoning system that conducts multihost, multistage vulnerability analysis on a network. MulVAL adopts Datalog...
  • S3

  • Referenced in 7 articles [sw19495]
  • applications. Motivated by the vulnerability analysis of web programs which work on string inputs...
  • Pixy

  • Referenced in 5 articles [sw25249]
  • Pixy: a static analysis tool for detecting web application vulnerabilities. The number and the importance ... problem of vulnerable Web applications by means of static source code analysis. More precisely ... interprocedural and context-sensitive dataflow analysis to discover vulnerable points in a program. In addition ... alias and literal analysis are employed to improve the correctness and precision of the results...
  • Stranger

  • Referenced in 14 articles [sw09152]
  • based string analysis tool for finding and eliminating string-related security vulnerabilities in PHP applications...
  • TAJ

  • Referenced in 7 articles [sw33114]
  • security-sensitive operations. Taint analysis can detect many common vulnerabilities in Web applications ... community and industry. However, most static taint-analysis tools do not address critical requirements...
  • WAPTEC

  • Referenced in 4 articles [sw21854]
  • WAPTEC: whitebox analysis of web applications for parameter tampering exploit construction. Parameter tampering attacks ... designed to automatically identify parameter tampering vulnerabilities and generate exploits by construction ... demonstrate those vulnerabilities. WAPTEC involves a new approach to whitebox analysis of the server ... open source applications and found previously unknown vulnerabilities in every single one of them...
  • ORA

  • Referenced in 5 articles [sw22485]
  • network analysis tool that detects risks or vulnerabilities of an organization’s design structure ... formats to be interoperable with existing network analysis packages. In addition, it has tools...
  • SwordDTA

  • Referenced in 1 article [sw17035]
  • SwordDTA: A dynamic taint analysis tool for software vulnerability detection. Software vulnerabilities are the root ... dynamic taint analysis is an emerging program analysis technique. In this paper, to maximize ... software vulnerabilities, we present SwordDTA, a tool that can perform dynamic taint analysis for binaries ... used to detect software vulnerabilities with vulnerability modeling and taint check. We evaluate it with...
  • PyCG

  • Referenced in 1 article [sw37995]
  • different contexts, such as profiling and vulnerability propagation analysis. Generating call graphs in an efficient...
  • Fortify

  • Referenced in 1 article [sw26890]
  • Source Code Analysis to Remove Security Vulnerabilities in Java Socket Programs: A Case Study. This ... identification, impact analysis and solutions to remove five important software security vulnerabilities, which if left ... suitably modified to correct any such vulnerabilities in software developed in any other programming language ... Code Analyzer to conduct the source code analysis of the file reader server program, implemented...
  • EIOD

  • Referenced in 1 article [sw10040]
  • static binary analysis based approach to detect integer overflow vulnerabilities in windows binary. We first ... intermediate representation and perform Sign type analysis to reconstruct sufficient type information ... then use dataflow analysis to collect suspicious integer overflow vulnerabilities. To alleviate the problem that...
  • Julia Static Analyzer

  • Referenced in 3 articles [sw28173]
  • risks related to security vulnerabilities and privacy leaks. The powerful analysis technology ensures a maximum...
  • MOPS

  • Referenced in 23 articles [sw10117]
  • tool to automate this process. Our program analysis models the program to be verified ... verifying the absence of certain classes of vulnerabilities, that it is fully interprocedural, and that...
  • Merlin

  • Referenced in 5 articles [sw23076]
  • seen a proliferation of static and runtime analysis tools for finding security violations that ... increase in the number of vulnerabilities such as cross-site scripting and SQL injection ... easy to miss, leading to missed vulnerabilities; similarly, incorrect specifications may lead to false positives ... CAT.NET, a state-of-the-art static analysis tool for .NET. We find a total...
  • KJS

  • Referenced in 6 articles [sw18992]
  • thus it can be used for formal analysis and verification of JavaScript programs. We verified ... trivial programs and found a known security vulnerability...
  • Coverity

  • Referenced in 2 articles [sw20227]
  • Coverity: Static Code Analysis. Find critical defects and security weaknesses in code ... written before they become vulnerabilities, crashes, or maintenance headaches...
  • GrapeReception

  • Referenced in 1 article [sw34404]
  • thereby rendering it less vulnerable to such changes. Our analysis, which is based on real...
  • LIFT

  • Referenced in 3 articles [sw20596]
  • vulnerabilities. Prior work shows that information flow tracking (also referred to as taint analysis...