Browsing by author "Schuckert, Felix"
- Conference paper: PT: Generating security vulnerabilities in source code (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016). Schuckert, Felix. This paper describes a framework that modifies existing source code to generate security issues. An example plugin for generating SQL injection in Java source code is described. The generation process is based on static code analysis techniques like dataflow analysis and abstract syntax trees. The framework is evaluated with the help of Java projects from GitHub. One modified project was successfully used in a capture the flag event as a challenge.
- Conference paper: Source Code Patterns of Buffer Overflow Vulnerabilities in Firefox (SICHERHEIT 2018, 2018). Schuckert, Felix; Hildner, Max; Katt, Basel; Langweg, Hanno. We investigated 50 randomly selected buffer overflow vulnerabilities in Firefox. The source code of these vulnerabilities and the corresponding patches were manually reviewed and patterns were identified. Our main contributions are taxonomies of errors, sinks and fixes seen from a developer's point of view. The results are compared to the CWE taxonomy with an emphasis on vulnerability details. Additionally, some ideas are presented on how the taxonomy could be used to improve software security education.