Abstract. We present an automata-based approach for the verification of string operations in PHP programs based on symbolic string analysis. String analysis is a static analysis technique that determines the values that a string expression can take during program execution at a given program point. This information can be used to verify that string values are sanitized properly and to detect programming errors and security vulnerabilities. In our string analysis approach, we encode the set of string values that string variables can take as automata. We implement all string functions using a symbolic automata representation (MBDD representation from the MONA automata package) and leverage efficient manipulations on MBDDs, e.g., determinizati...
Software testing is an integral part of the software development process. To test certain parts of s...
Automata, the simplest model of computation, have proven to be an effective tool in reasoning about ...
Forward symbolic execution is a technique for program analysis that explores the execution paths of ...
Verifying string manipulating programs is a crucial problem in computer security. String operations ...
A crucial problem in developing dependable web applications is the correctness of the input validatio...
Most common vulnerabilities in modern software applications are due to errors in string manipulatio...
Abstract. STRANGER is an automata-based string analysis tool for finding and eliminating string-rela...
Symbolic finite automata (SFA) allow the representation of regular languages of strings over an infi...
Motivated by the vulnerability analysis of web programs which work on string inputs, we present S3, ...
Abstract. There has been significant interest in static analysis of programs that manipulate string...
Abstract. Most common vulnerabilities in Web applications are due to string manipulation errors in i...
In this thesis, we study algorithms which can be used to extract, or learn, formal mathematical mode...
Bugs in user input sanitation of software systems often lead to vulnerabilities. Among them many are...
The design and implementation of decision procedures for checking path feasibility in string-manipul...
Many applications receive, send, and process data in textual form. Correct and secure processing of...