Skip to Main content Skip to Navigation
Conference papers

Using testing techniques for vulnerability detection in C programs

Abstract : This paper presents a technique for vulnerability detection in C programs. It is based on a vulnerability formal model called "Vulnerability Detection Conditions" (VDCs). This model is used together with passive testing techniques for the automatic detection of vulnerabilities. The proposed technique has been implemented in a dynamic code analysis tool, TestInv-Code, which detects the presence of vulnerabilities on a given code, by checking dynamically the VDCs on the execution traces of the given program. The tool has been applied to several C applications containing some well known vulnerabilities to illustrate its effectiveness. It has also been compared with existing tools in the market, showing promising performances
Document type :
Conference papers
Complete list of metadatas

Cited literature [21 references]  Display  Hide  Download
Contributor : Médiathèque Télécom Sudparis & Institut Mines-Télécom Business School <>
Submitted on : Friday, April 15, 2016 - 4:41:20 PM
Last modification on : Saturday, September 26, 2020 - 3:25:42 AM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Amel Mammar, Ana Rosa Cavalli, Willy Ronald Jimenez Freitez, Wissam Mallouli, Edgardo Montes de Oca. Using testing techniques for vulnerability detection in C programs. 23th International Conference on Testing Software and Systems (ICTSS), Nov 2011, Paris, France. pp.80-96, ⟨10.1007/978-3-642-24580-0_7⟩. ⟨hal-01303013⟩



Record views


Files downloads