Indian Journal of Science and Technology
Year: 2016, Volume: 9, Issue: 19, Pages: 1-10
Faisal Anwer1*, Mohd. Nazir2 and Khurram Mustafa2
1 Department of Computer Science, Aligarh Muslim University, Aligarh, India; [email protected]
2 Department of Computer Science, Jamia Millia Islamia (A Central University), Jamia Nagar, New Delhi, India; [email protected], [email protected]
*Author for correspondence
Department of Computer Science, Aligarh Muslim University, Aligarh, India; [email protected]
Objective: Symbolic execution is one of the most popular automated testing techniques for program verification and test case generation. It assures exhaustive path coverage by generating and resolving path constraints on each branch, effectively covering untested paths or gray areas that often lead to security vulnerabilities. Our main objective here is to propose a testing framework for security vulnerabilities that arise from improper error handling, such as resource leakage, program crash and program inconsistency. Methods: The authors propose a framework, Symexc, that uses symbolic execution and exception injection to test and verify whether such vulnerabilities exist in a program. Conclusion: In this paper, symbolic execution has been adopted to traverse every path and execute different pre-injected exceptions. The paper demonstrates the implementation of the framework, followed by its validation on some Java programs. Applications: Finding these vulnerabilities during application development will curb misuse of applications and hence improve their quality.
Keywords: Denial of Service, Improper Error Handling, Program Crash, Program Inconsistency, Resource Leakage, Symbolic Execution