Testing for Security Vulnerabilities in Software

P. Vilela, M. Machado (Brazil), and E. Wong (USA)


Software Testing Coverage; Security Vulnerability; Mutation Analysis; Buffer Overflow.


This paper presents a case study to produce supporting evidence to prove the hypothesis that it is viable to test a pro gram for security vulnerabilities. The approach considers the use of Mutation Analysis, a structural error-based test ing technique, to increase the chances of detecting code re lated security breaches in software. Two mutant operators with four variations each are defined and subsequently used to generate mutants. Cost related issues are always raised when mutation analysis is used, we address the problem from both the theoretical and empirical point of view.

Important Links:

Go Back