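% ICTSS 2011 paper on dynamic vulnerability detection in C programs (TestInv-Code, VDCs).
% Review notes (text outside an entry is ignored by BibTeX):
%  - The author field used escaped braces (\{ \}), which print literal braces
%    instead of grouping the name; they are now real grouping braces.
%  - NOTE(review): the export splits the last author as surname "De Oca",
%    given names "Edgardo Montes"; this may be the compound surname
%    "Montes de Oca". Confirm against the publisher record.
%  - NOTE(review): month = jan / day = 1 looks like an export placeholder; the
%    note field gives the conference dates as 07-11-2011 through 10-11-2011.
%    Confirm the publication month before relying on it.
%  - The DOI is stored bare and unescaped so resolvers and tools can match it.
@inproceedings{a242479ba46e42dc862b866117e78c97,
  author    = {Mammar, Amel and Cavalli, Ana and Jimenez, Willy and Mallouli, Wissam and {De Oca}, Edgardo Montes},
  title     = {Using testing techniques for vulnerability detection in {C} programs},
  booktitle = {Testing Software and Systems - 23rd IFIP WG 6.1 International Conference, ICTSS 2011, Proceedings},
  series    = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
  publisher = {Springer Verlag},
  pages     = {80--96},
  year      = {2011},
  month     = jan,
  day       = {1},
  doi       = {10.1007/978-3-642-24580-0_7},
  isbn      = {9783642245794},
  language  = {English},
  keywords  = {Dynamic Code Analysis, Passive Testing, Vulnerabilities Detection},
  abstract  = {This paper presents a technique for vulnerability detection in C programs. It is based on a vulnerability formal model called ``Vulnerability Detection Conditions'' (VDCs). This model is used together with passive testing techniques for the automatic detection of vulnerabilities. The proposed technique has been implemented in a dynamic code analysis tool, TestInv-Code, which detects the presence of vulnerabilities on a given code, by checking dynamically the VDCs on the execution traces of the given program. The tool has been applied to several C applications containing some well known vulnerabilities to illustrate its effectiveness. It has also been compared with existing tools in the market, showing promising performances.},
  note      = {23rd IFIP WG 6.1 International Conference on Testing Software and Systems, ICTSS 2011 ; Conference date: 07-11-2011 Through 10-11-2011},
}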