To discover low-level security vulnerabilities in target applications that implement stateful network protocols, security researchers usually employ manually-constructed protocol-specific testing tools. Due to the complexity and heterogeneity of network protocols, however, building such tools for every network protocol used by target programs is a challenging task. We propose a semi-automated technique for creating protocol-specific testing tools, which leverages an existing application that implements a network protocol (a source), and converts it into a testing tool that can be used for bug discovery in any target program that “speaks” the same protocol. We call our implementation of this method InSource, and, by measuring coverage gain, ...
Stateful network protocols, such as the Transmission Control Protocol (TCP), play a significant role...
Abstract—Network protocol developers typically go through a tedious and error-prone process of testi...
Access networks provide connectivity to services for end-users. A common example is an end-user conn...
Abstract. Fuzzing is a well-known black-box approach to the security testing of applications. Fuzzin...
Security bugs in network-based applications allow an attacker to compromise a system from the networ...
The use of network communication in applications increases their complexity and can lead to new secu...
<div><p>Network protocol vulnerability detection plays an important role in many domains, including ...
Emerging concepts like Industrial Internet of Things (IIOT) and Industrie 4.0 require Industrial Aut...
This dissertation demonstrates and evaluates the use of passive run-time monitoring to test black-bo...
Abstract—Implementations of network protocols, such as DNS, DHCP and Zeroconf, are prone to flaws, s...
This dissertation demonstrates and evaluates the use of passive run-time monitoring to test black-bo...
Abstract. The security of network services and their protocols critically depends on minimizing thei...
Starting from practical scenarios we underline that the most relevant security vulnerabilities in pr...
Application-level protocol specifications are useful for many security applications, including intru...
This paper gives an overview of the methodology of penetration testing and the tools used. This auth...
Stateful network protocols, such as the Transmission Control Protocol (TCP), play a significant role...
Abstract—Network protocol developers typically go through a tedious and error-prone process of testi...
Access networks provide connectivity to services for end-users. A common example is an end-user conn...
Abstract. Fuzzing is a well-known black-box approach to the security testing of applications. Fuzzin...
Security bugs in network-based applications allow an attacker to compromise a system from the networ...
The use of network communication in applications increases their complexity and can lead to new secu...
<div><p>Network protocol vulnerability detection plays an important role in many domains, including ...
Emerging concepts like Industrial Internet of Things (IIOT) and Industrie 4.0 require Industrial Aut...
This dissertation demonstrates and evaluates the use of passive run-time monitoring to test black-bo...
Abstract—Implementations of network protocols, such as DNS, DHCP and Zeroconf, are prone to flaws, s...
This dissertation demonstrates and evaluates the use of passive run-time monitoring to test black-bo...
Abstract. The security of network services and their protocols critically depends on minimizing thei...
Starting from practical scenarios we underline that the most relevant security vulnerabilities in pr...
Application-level protocol specifications are useful for many security applications, including intru...
This paper gives an overview of the methodology of penetration testing and the tools used. This auth...
Stateful network protocols, such as the Transmission Control Protocol (TCP), play a significant role...
Abstract—Network protocol developers typically go through a tedious and error-prone process of testi...
Access networks provide connectivity to services for end-users. A common example is an end-user conn...