
Automatic vulnerability testing in android applications

TODESCATO, MATTEO
2023/2024

Abstract

Scanning software for security vulnerabilities has many applications and is used in many different contexts. A cybersecurity researcher can use it to find vulnerabilities in a piece of software and report them to the developers or to bug bounty programs. In the software industry it is also common practice to scan software for vulnerabilities before attackers exploit them, since security breaches can have serious consequences for a company, both financially and in terms of reputation. Unfortunately, the tools that scan for security vulnerabilities are not perfect, and never will be. Most tools that search for security issues make wide use of heuristics, and therefore their results contain false positives and false negatives. For false negatives we cannot do much other than try to improve the scanning tools. False positives, on the other hand, can be mitigated by the developers, who manually inspect the results and decide whether the reported vulnerabilities are real. This approach can fail on many levels: for example, not all developers are security experts, and they might not understand the security implications of the reported vulnerabilities. Moreover, manually inspecting the results of the scanning tools is time-consuming and error-prone. Our idea is to combine the results of the static analysis tools with dynamic execution of the supposedly vulnerable code. Being able to execute the vulnerable code in a controlled environment gives us more information about the vulnerability and, where the vulnerability allows it, lets us set up some kind of test or probe to check it automatically. This approach can help developers and security researchers distinguish real vulnerabilities from false positives faster, if not automatically, and also provides more information about the vulnerabilities found, since being able to test the code and see what happens is really handy.
In this way we can speed up the process of finding the real vulnerabilities and fixing them, and avoid wasting resources on false positives, which is both expensive and frustrating for developers.
Year: 2023
Title: Automatic vulnerability testing in android applications
Keywords: android, security testing, SAST/DAST
Files in this item:
File: MSc_Thesis_Todescato_Matteo.pdf (open access)
Size: 2.19 MB
Format: Adobe PDF

The text of this website © Università degli studi di Padova. Full Text are published under a non-exclusive license. Metadata are under a CC0 License

Use this identifier to cite or link to this item: https://hdl.handle.net/20.500.12608/70925