Z3-str: A z3-based string solver for web application analysis
Analyzing web applications requires reasoning about strings and non-strings cohesively.
Existing string solvers either ignore non-string program behavior or support limited set of …
Symbolic PathFinder: integrating symbolic execution with model checking for Java bytecode analysis
Symbolic PathFinder (SPF) is a software analysis tool that combines symbolic execution with
model checking for automated test case generation and error detection in Java bytecode …
S3: A symbolic string solver for vulnerability detection in web applications
Motivated by the vulnerability analysis of web programs which work on string inputs, we
present S3, a new symbolic string solver. Our solver employs a new algorithm for a …
A DPLL(T) Theory Solver for a Theory of Strings and Regular Expressions
An increasing number of applications in verification and security rely on or could benefit from
automatic solvers that can check the satisfiability of constraints over a rich set of data types …
Fast and precise sanitizer analysis with BEK
Web applications often use special string-manipulating sanitizers on untrusted user data, but
it is difficult to reason manually about the behavior of these functions, leading to errors. For …
Symbolic finite state transducers: Algorithms and applications
Finite automata and finite transducers are used in a wide range of applications in software
engineering, from regular expressions to specification languages. We extend these classic …
Automata-based model counting for string constraints
Most common vulnerabilities in Web applications are due to string manipulation errors in
input validation and sanitization code. String constraint solvers are essential components of …
Path sensitive static analysis of web applications for remote code execution vulnerability detection
Y Zheng, X Zhang - 2013 35th International Conference on …, 2013 - ieeexplore.ieee.org
Remote code execution (RCE) attacks are one of the most prominent security threats for web
applications. It is a special kind of cross-site-scripting (XSS) attack that allows client inputs to …
String analysis for side channels with segmented oracles
We present an automated approach for detecting and quantifying side channels in Java
programs, which uses symbolic execution, string analysis and model counting to compute …
An efficient SMT solver for string constraints
An increasing number of applications in verification and security rely on or could benefit from
automatic solvers that can check the satisfiability of constraints over a diverse set of data …