• P-ISSN 0974-6846 E-ISSN 0974-5645

Indian Journal of Science and Technology


Indian Journal of Science and Technology

Year: 2016, Volume: 9, Issue: 19, Pages: 1-10

Original Article

Testing Program for Security using Symbolic Execution and Exception Injection


Objective: Symbolic execution is one of the most popular automated testing techniques for program verification and test case generation. It assures exhaustive path coverage by generating and resolving path constraints on each branch, effectively covering untested paths or gray areas that often lead to security vulnerabilities. Our main objective here is to propose a testing framework to test security vulnerabilities raised due to improper error handling such as resource leakage, program crash and program inconsistency. Methods: Authors propose a framework Symexc that tests and verifies if such vulnerabilities exist in the program using symbolic execution and exception injection. Conclusion: In this paper, symbolic execution has been adopted to traverse each and every path to execute different pre-injected exceptions. The paper demonstrates the implementation of the framework, followed by its validation on some java programs. Applications: Finding these vulnerabilities during application development will check misuse of applications and hence will add more quality to the application. 

Keywords: Denial of Service, Improper Error Handling, Program Crash, Program Inconsistency, Resource Leakage, Symbolic Execution


Subscribe now for latest articles and news.