Static analysis versus penetration testing: A controlled experiment

R Scandariato, J Walden… - 2013 IEEE 24th …, 2013 - ieeexplore.ieee.org
Suppose you have to assemble a security team, which is tasked with performing the security
analysis of your organization's latest applications. After researching how to assess your …

Detecting missing method calls as violations of the majority rule

M Monperrus, M Mezini - ACM Transactions on Software Engineering …, 2013 - dl.acm.org
When using object-oriented frameworks it is easy to overlook certain important method calls
that are required at particular places in code. In this article, we provide a comprehensive set …

Analysis of GSM calls data for understanding user mobility behavior

B Furletti, L Gabrielli, C Renso… - 2013 IEEE International …, 2013 - ieeexplore.ieee.org
This information about our GSM calls is stored by the TelCo operator in large volumes and
with strict privacy constraints making it challenging the analysis of these fingerprints for …

Dynamically validating static memory leak warnings

M Li, Y Chen, L Wang, G Xu - … of the 2013 International Symposium on …, 2013 - dl.acm.org
Memory leaks have significant impact on software
availability, performance, and security. Static analysis has been widely used to find memory …

Segmented symbolic analysis

W Le - 2013 35th International Conference on Software …, 2013 - ieeexplore.ieee.org
Symbolic analysis is indispensable for software tools that require program semantic
information at compile time. However, determining symbolic values for program variables …

A comparative evaluation of static analysis actionable alert identification techniques

S Heckman, L Williams - Proceedings of the 9th International Conference …, 2013 - dl.acm.org
Automated static analysis (ASA) tools can identify potential source code anomalies that
could lead to field failures. Developer inspection is required to determine if an ASA alert is …

Towards complete specifications with an error calculus

QL Le, A Sharma, F Craciun, WN Chin - … NFM 2013, Moffett Field, CA, USA …, 2013 - Springer
We present an error calculus to support a novel specification mechanism for sound and/or
complete safety properties that are to be given by users. With such specifications, our …

JPF-Doop: Combining concolic and random testing for Java

M Dimjaševic, Z Rakamaric - Collections (org. apache. commons …, 2013 - dimjasevic.net
Achieving high code coverage during software testing is important because it gives a
measure of how thoroughly the software has been tested. However, reaching high code …

Static analysis techniques and tools: A systematic mapping study

VRL de Mendonça, CL Rodrigues, FAA de MN Soares… - ICSEA, 2013 - academia.edu
The main disadvantage of static analysis tools is their high false positive rates. False
positives are errors that either do not exist or do not lead to serious software failures. Thus …

Scaling model checking for test generation using dynamic inference

A Yeolekar, D Unadkat, V Agarwal… - 2013 IEEE Sixth …, 2013 - ieeexplore.ieee.org
Model checking engines employed to generate test cases covering the structure of the
model or code are limited by factors like code size, loops and floating point computation. We …