A New View on Classification of Software Vulnerability Mitigation Methods

1 Babak Sadeghiyan
2 Maryam Mouzarani
1 Amirkabir University of Technology

GJCST Volume 17 Issue C1

Article Fingerprint

ResearchID: CSTSDE57MZB


Software vulnerability mitigation is a well-known research area, and many methods have been proposed for it. Some papers try to classify these methods from different specific points of view. In this paper, we aggregate all proposed classifications and present a comprehensive classification of vulnerability mitigation methods. We define software vulnerability as a kind of software fault, and align the classes of software vulnerability mitigation methods accordingly. The software vulnerability mitigation methods are classified into vulnerability prevention, vulnerability tolerance, vulnerability removal and vulnerability forecasting. We define each vulnerability mitigation method from our new point of view and indicate some methods for each class. Our general point of view helps to consider all of the proposed methods in this review. We also identify the fault mitigation methods that might be effective in mitigating software vulnerabilities but are not yet applied in this area. Based on that, new directions are suggested for future research.


Funding

No external funding was declared for this work.

Conflict of Interest

The authors declare no conflict of interest.

Ethical Approval

No ethics committee approval was required for this article type.

Data Availability

Not applicable for this article.

Babak Sadeghiyan. 2017. "A New View on Classification of Software Vulnerability Mitigation Methods". Global Journal of Computer Science and Technology - C: Software & Data Engineering GJCST-C Volume 17 (GJCST Volume 17 Issue C1).

GJCST Volume 17 Issue C1
Pg. 41-61
Journal Specifications

Crossref Journal DOI 10.17406/gjcst

Print ISSN 0975-4350

e-ISSN 0975-4172

Keywords
Classification: H.3.4

Version of record: v1.2

Issue date: April 26, 2017

Language: English
