@incollection{, 25FA62935E5A17FF2BC96720A71C1E6D , author={{BabakSadeghiyan} and {MaryamMouzarani} and {Amirkabir University of Technology}}, journal={{Global Journal of Computer Science and Technology}}, journal={{GJCST}}0975-41720975-435010.34257/gjcst, address={Cambridge, United States}, publisher={Global Journals Organisation}1714161 } @incollection{b0, , title={{Software vulnerabilities, prevention and detection methods: a review}} , author={{ WJimenez } and { AMammar } and { ACavalli } and { RFourier }} , booktitle={{Proceeding of the first International Workshop on Security in Model Driven Architecture}} eeding of the first International Workshop on Security in Model Driven Architecture , publisher={SEC-MDA} , year={2009} } @incollection{b1, , title={{Mitigating program security vulnerabilities: Approaches and challenges}} , author={{ HShahriar } and { MZulkernine }} , journal={{ACM Computing Surveys (CSUR)}} 44 3 11 , year={2012} } @book{b2, , title={{Static techniques for vulnerability detection}} , author={{ KZafar } and { AAli }} , address={Sweden} Linkoping University } @incollection{b3, , title={{A survey of static analysis methods for identifying security vulnerabilities in software systems}} , author={{ MPistoia } and { SChandra } and { SJFink } and { EYahav }} , journal={{IBM Systems Journal}} 46 2 , year={2007} } @incollection{b4, , title={{Software vulnerability discovery techniques: A survey}} , author={{ BLiu } and { LShi } and { ZCai } and { MLi }} , booktitle={{Proceeding of the Fourth International Conference on Multimedia Information Networking and Security (MINES)}} eeding of the Fourth International Conference on Multimedia Information Networking and Security (MINES) , publisher={IEEE} , year={2012} } @book{b5, , author={{ MBishop }} CSE-95- 10 , title={{A taxonomy of unix system and network vulnerabilities}} , year={1995} Department of Computer Science, University of California at Davis , note={Technical Report} } @book{b6, , title={{A critical analysis of vulnerability taxonomies}} , author={{ MBishop } and { DBailey }} CSE-96-11 , year={1996} Department of Computer Science, University of California at Davis. , note={Technical Report} } @book{b7, , title={{Computer security: art and science}} , author={{ MBishop }} , year={2002} , publisher={Addison-Wesley} } @book{b8, , title={{A general framework for categorizing vulnerabilities regarding their impact on security policy}} , author={{ HRShahriari } and { RJalili } and { MBishop }} , publisher={Computers and Security} } @book{b9, , title={{Software vulnerability analysis}} , author={{ IVKrsul }} , year={1998} Purdue University , note={Ph.D. thesis} } @book{b10, , title={{A structured approach to classifying security vulnerabilities}} , author={{ RCSeacord } and { ADHouseholder }} CMU/SEI-2005-TN-003 , note={Technical report} } @book{b11, , title={{Carnegie-mellon univ pittsburgh pa software engineering inst}} , year={2005} } @incollection{b12, , title={{Basic concepts and taxonomy of dependable and secure computing, Dependable and Secure Computing}} , author={{ J.-CAvizienis } and { BLaprie } and { CRandell } and { Landwehr }} , journal={{IEEE Transactions on}} 1 1 , year={2004} } @incollection{b13, , title={{Preventing formatstring attacks via automatic and efficient dynamic checking}} , author={{ MFRingenburg } and { DGrossman }} , booktitle={{Proceedings of the 12 th ACM conference on Computer and communications security}} the 12 th ACM conference on Computer and communications security , publisher={ACM} , year={2005} } @book{b14, , author={{ GMcgraw }} , title={{Software security: building security in}} , publisher={Addison-Wesley Professional} , year={2006} 1 } @book{b15, , title={{How do they do it? a look inside the security development lifecycle at microsoft, MSDN Magazine}} , author={{ MHoward }} , year={2005} } @book{b16, , author={{ NRMead } and { TStehney }} , title={{Security quality requirements engineering (SQUARE) methodology}} , publisher={ACM} , year={2005} 30 } @book{b17, , title={{Secure Coding Guidelines}} , note={Online; accessed 2016-10-14} } @book{b18, , author={{ RCSeacord }} , title={{Secure Coding in C and C++}} , publisher={Pearson Education} , year={2005} } @book{b19, , author={{ FLong } and { DMohindra } and { RCSeacord } and { DFSutherland } and { DSvoboda }} , title={{The CERT Oracle Secure Coding Standard for Java}} , publisher={Addison-Wesley Professional} , year={2011} } @book{b20, , title={{The Shields Project}} , year={2012} , note={Online; accessed 2016-10-23} } @incollection{b21, , title={{Unified modeling of attacks, vulnerabilities and security activities}} , author={{ DByers } and { NShahmehri }} , booktitle={{Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems}} the 2010 ICSE Workshop on Software Engineering for Secure Systems , publisher={ACM} , year={2010} } @incollection{b22, , title={{An advanced approach for modeling and detecting software vulnerabilities}} , author={{ NShahmehri } and { AMammar } and { EMontes De Oca } and { DByers } and { ACavalli } and { SArdi } and { WJimenez }} , journal={{Information and Software Technology}} 54 9 , year={2012} } @incollection{b23, , title={{Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks}} , author={{ CCowan } and { CPu } and { DMaier } and { JWalpole } and { PBakke } and { SBeattie } and { AGrier } and { PWagle } and { QZhang } and { HHinton }} , journal={{Usenix Security}} 98 , year={1998} } @incollection{b24, , title={{Rad: A compile-time solution to buffer overflow attacks}} , author={{ TChiueh } and { F.-HHsu }} , booktitle={{Proceeding of the 21st International Conference on Distributed Computing Systems}} eeding of the 21st International Conference on Distributed Computing Systems , publisher={IEEE} , year={2001. 2001} } @incollection{b25, , title={{Stackoffence: a technique for defending against buffer overflow attacks}} , author={{ BBMadan } and { SPhoha } and { KSTrivedi }} , booktitle={{Proceeding of International Conference on Information Technology: Coding and Computing. ITCC 2005}} eeding of International Conference on Information Technology: Coding and Computing. ITCC 2005 , publisher={IEEE} , year={2005} 1 } @incollection{b26, , author={{ MDalton } and { HKannan } and { CKozyrakis }} , booktitle={{Raksha: a flexible information flow architecture for software security}} , publisher={ACM} , year={2007} 35 } @incollection{b27, , title={{Secure program execution via dynamic information flow tracking}} , author={{ GESuh } and { JWLee } and { DZhang } and { SDevadas }} , journal={{ACM SIGOPS Operating Systems Review}} 38 , year={2004} , publisher={ACM} } @incollection{b28, , title={{Dytan: a generic dynamic taint analysis framework}} , author={{ JClause } and { WLi } and { AOrso }} , booktitle={{Proceedings of the 2007 international symposium on Software testing and analysis}} the 2007 international symposium on Software testing and analysis , publisher={ACM} , year={2007} } @incollection{b29, , title={{Precise clientside protection against dom-based cross-site scripting}} , author={{ BStock } and { SLekies } and { TMueller } and { PSpiegel } and { MJohns }} , booktitle={{Proceedings of the 23rd USENIX security symposium}} the 23rd USENIX security symposium , year={2014} } @incollection{b30, , title={{A method of detecting sql injection attack to secure web applications}} , author={{ SManmadhan } and { TManesh }} , journal={{International Journal of Distributed and Parallel Systems}} 3 6 1 , year={2012} } @incollection{b31, , title={{The essence of command injection attacks in web applications}} , author={{ ZSu } and { GWassermann }} , journal={{ACM SIGPLAN Notices}} 41 , year={2006} , publisher={ACM} } @incollection{b32, , title={{Formatguard: Automatic protection from printf format string vulnerabilities}} , author={{ CCowan } and { MBarringer } and { SBeattie } and { GKroah-Hartman } and { MFrantzen } and { JLokier }} , booktitle={{USENIX Security Symposium}} Washington, DC , year={2001} 91 } @incollection{b33, , title={{Multi-variant program execution: Using multi-core systems to defuse buffer-overflow vulnerabilities}} , author={{ BSalamat } and { AGal } and { TJackson } and { KManivannan } and { GWagner } and { MFranz }} , booktitle={{proceedings of International Conference on Complex, Intelligent and Software Intensive Systems. CISIS 2008}} International Conference on Complex, Intelligent and Software Intensive Systems. CISIS 2008 , publisher={IEEE} , year={2008} } @incollection{b34, , title={{Countering code-injection attacks with instruction-set randomization}} , author={{ GSKc } and { ADKeromytis } and { VPrevelakis }} , booktitle={{Proceedings of the 10 th ACM conference on Computer and communications security}} the 10 th ACM conference on Computer and communications security , publisher={ACM} , year={2003} } @incollection{b35, , title={{An implementation of the binding mechanism in the web browser for preventing xss attacks: introducing the bind-value headers}} , author={{ GIha } and { HDoi }} , booktitle={{Availability, Reliability and Security, 2009. ARES'09. International Conference on}} , publisher={IEEE} , year={2009} } @incollection{b36, , title={{Dynamic code instrumentation to detect and recover from return address corruption}} , author={{ SGupta } and { PPratap } and { HSaran } and { SArun-Kumar }} , booktitle={{A New View on Classification of Software Vulnerability Mitigation Methods 36}} , publisher={ACM} , year={2006} , note={Proceedings of the 2006 international workshop on Dynamic systems analysis} } @incollection{b37, , title={{Automatic generation of vulnerability specific patches for preventing component hijacking attacks in android applications}} , author={{ MZhang } and { HYin } and { Appsealer }} , booktitle={{Proceedings of the 21th Annual Network and Distributed System Security Symposium (NDSS 2014)}} the 21th Annual Network and Distributed System Security Symposium (NDSS 2014) , year={2014} } @incollection{b38, , title={{Shieldgen: Automatic data patch generation for unknown vulnerabilities with informed probing}} , author={{ WCui } and { MPeinado } and { HJWang } and { MELocasto }} , journal={{IEEE Symposium on}} , year={2007. 2007} , publisher={IEEE} , note={SP'07} } @incollection{b39, , title={{Diagnosis and emergency patch generation for integer overflow exploits}} , author={{ TWang } and { CSong } and { WLee }} , booktitle={{Detection of Intrusions and Malware, and Vulnerability Assessment}} , publisher={Springer} , year={2014} } @incollection{b40, , title={{Automatic patch generation for buffer overflow attacks, in: Information Assurance and Security}} , author={{ ASmirnov } and { TChiueh }} , booktitle={{IAS 2007. Third International Symposium on}} , publisher={IEEE} , year={2007. 2007} } @book{b41, , title={{Automatic synthesis of filters to discard buffer overflow attacks: A step towards realizing self-healing systems}} , author={{ ZLiang } and { RSekar } and { DCDuvarney }} } @incollection{b42, , title={{Automatic diagnosis and response to memory corruption vulnerabilities}} , author={{ JXu } and { PNing } and { CKil } and { YZhai } and { CBookholt }} , booktitle={{Proceedings of the 12th ACM conference on Computer and communications security}} the 12th ACM conference on Computer and communications security , publisher={ACM} , year={2005} } @incollection{b43, , title={{Static and dynamic analysis: Synergy and duality}} , author={{ MDErnst }} , booktitle={{WODA 2003: ICSE Workshop on Dynamic Analysis}} , year={2003} } @book{b44, , title={{}} , author={{ DAWheeler } and { Flawfinder }} , year={2001} , note={Online; accessed 2016-10-23} } @incollection{b45, , title={{Its4: A static vulnerability scanner for c and c++ code}} , author={{ JViega } and { J.-TBloch } and { YKohno } and { GMcgraw }} , booktitle={{Proceedings of the 16th Annual Computer Security Applications Conference, ACSAC'00}} the 16th Annual Computer Security Applications Conference, ACSAC'00 , publisher={IEEE} , year={2000} } @book{b46, , title={{Lint, a C program checker}} , author={{ SCJohnson }} , year={1977} Bell Telephone Laboratories } @incollection{b47, , title={{Generalized vulnerability extrapolation using abstract syntax trees}} , author={{ FYamaguchi } and { MLottmann } and { KRieck }} , booktitle={{Proceedings of the 28 th Annual Computer Security Applications Conference}} the 28 th Annual Computer Security Applications Conference , publisher={ACM} , year={2012} } @incollection{b48, , title={{Applying dataflow analysis to detecting software vulnerability}} , author={{ HKim } and { T.-HChoi } and { S.-CJung } and { H.-CKim } and { OLee } and { K.-GDoh }} , booktitle={{Proceeding of the 10th International Conference on Advanced Communication Technology. ICACT}} eeding of the 10th International Conference on Advanced Communication Technology. ICACT , publisher={IEEE} , year={2008. 2008} 1 } @incollection{b49, , title={{Pixy: A static analysis tool for detecting web application vulnerabilities}} , author={{ NJovanovic } and { CKruegel } and { EKirda }} , booktitle={{Proceeding of the 2006 IEEE Symposium on Security and Privacy}} eeding of the 2006 IEEE Symposium on Security and Privacy , publisher={IEEE} , year={2006} 6 } @book{b50, , title={{A first step towards automated detection of buffer overrun vulnerabilities}} , author={{ DWagner } and { JSFoster } and { EABrewer } and { AAiken }} , year={2000} , publisher={NDSS} } @incollection{b51, , title={{Buffer overrun detection using linear programming and static analysis}} , author={{ ,SV Ganapathy } and { DJha } and { DChandler } and { DMelski } and { Vitek }} , booktitle={{Proceedings of the 10th ACM conference on Computer and communications security}} the 10th ACM conference on Computer and communications security , publisher={ACM} , year={2003} } @incollection{b52, , title={{Detecting memory access errors with flow-sensitive conditional range analysis}} , author={{ YXia } and { JLuo } and { MZhang }} , booktitle={{Embedded Software and Systems}} , publisher={Springer} , year={2005} } @book{b53, , title={{Symbolic string verification: Combining string analysis and size analysis, in: Tools and Algorithms for the Construction and Analysis of Systems}} , author={{ FYu } and { TBultan } and { OHIbarra }} , year={2009} , publisher={Springer} } @incollection{b54, , title={{Improving security using extensible lightweight static analysis, software}} , author={{ DEvans } and { DLarochelle }} , journal={{IEEE}} 19 1 , year={2002} } @incollection{b55, , title={{Meca: an extensible, expressive system and language for statically checking security properties}} , author={{ JYang } and { TKremenek } and { YXie } and { DEngler }} , booktitle={{Proceedings of the 10th ACM conference on Computer and communications security}} the 10th ACM conference on Computer and communications security , publisher={ACM} , year={2003} } @incollection{b56, , title={{Accelerating the annotation of sparse named entities by dynamic sentence selection}} , author={{ YTsuruoka } and { JTsujii } and { SAnaniadou }} , journal={{BMC bioinformatics}} 9 11 S8 , year={2008} , note={Suppl} } @book{b57, , author={{ MHoward }} 2016-10-22 , title={{A brief introduction to the standard annotation language (SAL)}} , year={2006/05/19/602077.aspx. 2006} } @incollection{b58, , title={{acomment: mining annotations from comments and code to detect interrupt related concurrency bugs}} , author={{ LTan } and { YZhou } and { YPadioleau }} , booktitle={{Proceedings of the 33rd international conference on software engineering}} the 33rd international conference on software engineering , publisher={ACM} , year={2011} } @incollection{b59, , title={{Simplify: a theorem prover for program checking}} , author={{ DDetlefs } and { GNelson } and { JBSaxe }} , journal={{Journal of the ACM (JACM)}} 52 3 , year={2005} } @incollection{b60, , author={{ GTian-Yang } and { SYin-Sheng } and { FYou-Yuan }} , booktitle={{Research on software security testing}} , year={2010} 70 } @book{b61, , title={{Precise buffer overflow detection via model checking}} , author={{ SChaki } and { SHissam }} , year={2005} } @incollection{b62, , title={{Merging static analysis and model checking for improved security vulnerability detection}} , booktitle={{A New View on Classification of Software Vulnerability Mitigation Methods USENIX Annual Technical Conference}} , editor={ . W.-SR¨odiger } , year={2005. 2011} Dept. of Com. Sc. Augsburg University , note={General Track. Ph.D. thesis, Master thesis} } @incollection{b63, , title={{Mops: an infrastructure for examining security properties of software}} , author={{ HChen } and { DWagner }} , booktitle={{Proceedings of the 9th ACM conference on Computer and communications security}} the 9th ACM conference on Computer and communications security , publisher={ACM} , year={2002} } @incollection{b64, , title={{Modelchecking for software vulnerabilities detection with multi-language support}} , author={{ RHadjidj } and { XYang } and { STlili } and { MDebbabi }} , booktitle={{Proceeding of the sixth Annual Conference on Privacy, Security and Trust, PST'08}} eeding of the sixth Annual Conference on Privacy, Security and Trust, PST'08 , publisher={IEEE} , year={2008} } @incollection{b65, , title={{Efficient algorithms for model checking pushdown systems}} , author={{ JEsparza } and { DHansel } and { PRossmanith } and { SSchwoon }} , booktitle={{Computer Aided Verification}} , publisher={Springer} , year={2000} } @incollection{b66, , title={{A method for detecting software vulnerabilities based on clustering and model analyzing}} , author={{ JRen } and { BCai } and { HHe } and { CHu }} , journal={{Journal of Computational Information Systems}} 7 4 , year={2011} } @incollection{b67, , title={{Finding security vulnerabilities in java applications with static analysis}} , author={{ BLivshits } and { MSLam }} , booktitle={{Proceedings of the 14th conference on USENIX Security Symposium}} the 14th conference on USENIX Security Symposium , year={2005} 14 } @incollection{b68, , title={{Static detection of cross-site scripting vulnerabilities}} , author={{ GWassermann } and { ZSu }} , booktitle={{Proceeding of the ACM/IEEE 30th International Conference on Software Engineering. ICSE'08}} eeding of the ACM/IEEE 30th International Conference on Software Engineering. ICSE'08 , publisher={IEEE} , year={2008} } @incollection{b69, , title={{Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software}} , author={{ JNewsome } and { DSong }} , booktitle={{Proceedings of the 12th Network and Distributed System Security Symposium (NDSS05)}} the 12th Network and Distributed System Security Symposium (NDSS05) , year={2005} } @incollection{b70, , title={{Fast and precise sanitizer analysis with bek}} , author={{ PHooimeijer } and { BLivshits } and { DMolnar } and { PSaxena } and { MVeanes }} , booktitle={{Proceedings of the 20 th USENIX conference on Security, USENIX Association}} the 20 th USENIX conference on Security, USENIX Association , year={2011} } @incollection{b71, , title={{Automated detection of code vulnerabilities based on program analysis and model checking}} , author={{ LWang } and { QZhang } and { PZhao }} , booktitle={{Proceeding of the Eighth IEEE International Working Conference on Source Code Analysis and Manipulation}} eeding of the Eighth IEEE International Working Conference on Source Code Analysis and Manipulation , publisher={IEEE} , year={2008} } @incollection{b72, , title={{Toward black-box detection of logic flaws in web applications}} , author={{ GPellegrino } and { DBalzarotti }} , booktitle={{Proceedings of the Network and Distributed System Security (NDSS) Symposium}} the Network and Distributed System Security (NDSS) Symposium , year={2014} } @incollection{b73, , title={{Secubat: a web vulnerability scanner}} , author={{ SKals } and { EKirda } and { CKruegel } and { NJovanovic }} , booktitle={{Proceedings of the 15th international conference on World Wide Web}} the 15th international conference on World Wide Web , publisher={ACM} , year={2006} } @book{b74, , author={{ JDA Takanen } and { CDemott } and { Miller }} , title={{Fuzzing for software security testing and quality assurance}} , publisher={Artech House} , year={2008} } @incollection{b75, , title={{Simfuzz: Test case similarity directed deep fuzzing}} , author={{ DZhang } and { DLiu } and { YLei } and { DKung } and { CCsallner } and { NNystrom } and { WWang }} , journal={{Journal of Systems and Software}} 85 1 , year={2012} } @incollection{b76, , title={{Taintscope: A checksum-aware directed fuzzing tool for automatic software vulnerability detection}} , author={{ TWang } and { TWei } and { GGu } and { WZou }} , booktitle={{Proceeding of 2010 IEEE Symposium on Security and Privacy (SP)}} eeding of 2010 IEEE Symposium on Security and Privacy (SP) , publisher={IEEE} , year={2010} } @incollection{b77, , title={{Enemy of the state: A state-aware black-box web vulnerability scanner}} , author={{ LDoup´e } and { CCavedon } and { GKruegel } and { Vigna }} , booktitle={{USENIX Security Symposium}} , year={2012} } @book{b78, , title={{Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs}} , author={{ DCadar } and { DRDunbar } and { Engler }} , year={2008} , publisher={OSDI} 8 } @incollection{b79, , title={{Automated whitebox fuzz testing}} , author={{ PGodefroid } and { MYLevin } and { DAMolnar }} , journal={{NDSS}} 8 , year={2008} } @incollection{b80, , title={{Exe: automatically generating inputs of death}} , author={{ CCadar } and { VGanesh } and { PMPawlowski } and { DLDill } and { DREngler }} , journal={{ACM Transactions on Information and System Security}} 12 2 10 , year={2008} , note={TISSEC)} } @incollection{b81, , title={{Dowsing for overflows: A guided fuzzer to find buffer boundary violations}} , author={{ AHaller } and { MSlowinska } and { HNeugschwandtner } and { Bos }} , booktitle={{Usenix Security}} , year={2013} } @incollection{b82, , title={{Vulnerability detection syst ems:Think cyborg, not robot}} , author={{ SHeelan }} , journal={{IEEE Security and Privacy}} 9 } @incollection{b83, , title={{Automated vulnerability analysis: Leveraging control flow for evolutionary input crafting}} , author={{ SSparks } and { SEmbleton } and { RCunningham } and { CZou }} , booktitle={{Proceeding of Twenty-Third Annual Computer Security Applications Conference. ACSAC}} eeding of Twenty-Third Annual Computer Security Applications Conference. ACSAC , publisher={IEEE} , year={2007. 2007} } @book{b84, , title={{Revolutionizing the field of greybox attack surface testing with evolutionary fuzzing}} , author={{ JDemott } and { REnbody } and { WFPunch }} , note={BlackHat and Defcon} } @incollection{b85, , title={{Music: Mutation-based sql injection vulnerability checking}} , author={{ HShahriar } and { MZulkernine }} , booktitle={{Proceeding of the Eighth International Conference on Quality Software. QSIC'08}} eeding of the Eighth International Conference on Quality Software. QSIC'08 , publisher={IEEE} , year={2008} } @incollection{b86, , title={{Extending model checking with dynamic analysis}} , author={{ RGroce } and { Joshi }} , booktitle={{Verification, Model Checking, and Abstract Interpretation}} , publisher={Springer} , year={2008} } @incollection{b87, , title={{Software model checking}} , author={{ RJhala } and { RMajumdar }} , journal={{ACM Computing Surveys (CSUR)}} 41 4 21 , year={2009} } @incollection{b88, , title={{Model checking for programming languages using verisoft}} , author={{ PGodefroid }} , booktitle={{Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages}} the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages , publisher={ACM} , year={1997} } @incollection{b89, , title={{Model checking java programs using java pathfinder}} , author={{ KHavelund } and { TPressburger }} , booktitle={{International A New View on Classification of Software Vulnerability Mitigation Methods Journal on Software Tools for Technology Transfer}} , year={2000} 2 } @incollection{b90, , title={{Cmc: A pragmatic approach to model checking real code}} , author={{ MMusuvathi } and { DYPark } and { AChou } and { DREngler } and { DLDill }} , journal={{ACM SIGOPS Operating Systems Review}} 36 SI , year={2002} } @incollection{b91, , title={{Bogor: an extensible and highly-modular software model checking framework}} , author={{ MBDwyer } and { JHatcliff }} , journal={{ACM SIGSOFT Software Engineering Notes}} 28 , year={2003} , publisher={ACM} } @incollection{b92, , title={{Dart: directed automated random testing}} , author={{ PGodefroid } and { NKlarlund } and { KSen }} , journal={{ACM Sigplan Notices}} 40 , year={2005} , publisher={ACM} } @incollection{b93, , title={{All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask}} , author={{ EJSchwartz } and { TAvgerinos } and { DBrumley }} , booktitle={{Proceeding of the 2010 IEEE Symposium on Security and Privacy (SP)}} eeding of the 2010 IEEE Symposium on Security and Privacy (SP) , publisher={IEEE} , year={2010} } @incollection{b94, , title={{25 million flows later: large-scale detection of dom-based xss}} , author={{ SLekies } and { BStock } and { MJohns }} , booktitle={{Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security}} the 2013 ACM SIGSAC conference on Computer & communications security , publisher={ACM} , year={2013} } @book{b95, , title={{Dta++: Dynamictaint analysis with targeted controlflow propagation}} , author={{ MGKang } and { SMccamant } and { PPoosankam } and { DSong }} , year={2011} , publisher={NDSS} } @incollection{b96, , title={{Saner: Composing static and dynamic analysis to validate sanitization in web applications}} , author={{ DBalzarotti } and { MCova } and { VFelmetsger } and { NJovanovic } and { EKirda } and { CKruegel } and { GVigna }} , booktitle={{Proceeding of IEEE Symposium on Security and Privacy}} eeding of IEEE Symposium on Security and Privacy , publisher={IEEE} , year={2008. 2008} } @incollection{b97, , title={{On the effectiveness of dynamic taint analysis for protecting against private information leaks on android-based devices}} , author={{ GSarwar } and { OMehani } and { RBoreli } and { DKaafar }} , booktitle={{Proceeding of the 10th International Conference on Security and Cryptography (SECRYPT)}} eeding of the 10th International Conference on Security and Cryptography (SECRYPT) , year={2013} } @incollection{b98, , title={{A program testing system}} , author={{ LAClarke }} , booktitle={{Proceedings of the 1976 annual conference}} the 1976 annual conference , publisher={ACM} , year={1976} } @incollection{b99, , title={{Fie on firmware: Finding vulnerabilities in embedded systems using symbolic execution}} , author={{ DDavidson } and { BMoench } and { TRistenpart } and { SJha }} , booktitle={{USENIX Security}} , year={2013} } @incollection{b100, , title={{A decision procedure for bitvectors and arrays}} , author={{ DLV Ganesh } and { Dill }} , booktitle={{Computer Aided Verification}} , publisher={Springer} , year={2007} } @book{b101, , title={{Z3: An efficient smt solver, in: Tools and Algorithms for the Construction and Analysis of Systems}} , author={{ LDe Moura } and { NBjørner }} , year={2008} , publisher={Springer} } @incollection{b102, , title={{Hampi: a solver for string constraints}} , author={{ VKiezun } and { PJGanesh } and { PGuo } and { MDHooimeijer } and { Ernst }} , booktitle={{Proceedings of the eighteenth international symposium on Software testing and analysis}} the eighteenth international symposium on Software testing and analysis , publisher={ACM} , year={2009} } @incollection{b103, , title={{S3: A symbolic string solver for vulnerability detection in web applications}} , author={{ M.-TTrinh } and { D.-HChu } and { JJaffar }} , booktitle={{Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security}} the 2014 ACM SIGSAC Conference on Computer and Communications Security , publisher={ACM} , year={2014} } @incollection{b104, , title={{Symbolic execution for software testing: three decades later}} , author={{ CCadar } and { KSen }} , journal={{Communications of the ACM}} 56 2 , year={2013} } @incollection{b105, , title={{Linear obfuscation to combat symbolic execution}} , author={{ ZWang } and { JMing } and { CJia } and { DGao }} , booktitle={{Computer Security-ESORICS 2011}} , publisher={Springer} , year={2011} } @incollection{b106, , title={{Dynamic test generation to find integer bugs in x86 binary linux programs}} , author={{ KSen } and { DMarinov } and { GAgha } and { ; DMolnar } and { XCLi } and { DAWagner }} , booktitle={{Proceedings of the 18 th conference on USENIX security symposium}} the 18 th conference on USENIX security symposium , publisher={ACM} , year={2005. 2009} 30 , note={CUTE: a concolic unit testing engine for C} } @incollection{b107, , title={{Model-inference-assisted concolic exploration for protocol and vulnerability discovery}} , author={{ CYCho } and { DBabic } and { PPoosankam } and { KZChen } and { EXWu } and { DSong } and { Mace }} , booktitle={{USENIX Security Symposium}} , year={2011} } @incollection{b108, , title={{A hybrid analysis framework for detecting web application vulnerabilities}} , author={{ MMonga } and { RPaleari } and { EPasserini }} , booktitle={{Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems}} the 2009 ICSE Workshop on Software Engineering for Secure Systems , publisher={IEEE Computer Society} , year={2009} } @incollection{b109, , title={{Combining static analysis and runtime monitoring to counter sql-injection attacks}} , author={{ WGHalfond } and { AOrso }} , journal={{ACM SIGSOFT Software Engineering Notes}} 30 , year={2005} , publisher={ACM} } @incollection{b110, , title={{Toward automated detection of logic vulnerabilities in web applications}} , author={{ LFelmetsger } and { CCavedon } and { GKruegel } and { Vigna }} , booktitle={{USENIX Security Symposium}} , year={2010} } @incollection{b111, , author={{ S.-WWoo } and { HJoh } and { OHAlhazmi } and { YKMalaiya }} , booktitle={{Modeling vulnerability discovery process in apache and iis http servers}} , year={2011} 30 } @book{b112, , author={{ OHAlhazmi } and { YKMalaiya }} , title={{Proceedings of annual reliability and maintainability symposium}} annual reliability and maintainability symposium , year={2005} , note={Quantitative vulnerability assessment of systems software} } @book{b113, , author={{ OAlhazmi } and { YMalaiya } and { IRay }} , title={{Security vulnerabilities in software systems: A quantitative perspective}} , publisher={Springer} , year={2005} , note={Data and Applications Security XIX} } @incollection{b114, , title={{Vulnerability scrying method for software vulnerability discovery prediction without a vulnerability database, Reliability}} , author={{ SRahimi } and { MZargham }} , journal={{IEEE Transactions on}} 62 2 , year={2013} } @incollection{b115, , title={{Application of vulnerability discovery models to major operating A New View on Classification of Software Vulnerability Mitigation Methods systems, Reliability}} , author={{ OHAlhazmi } and { YKMalaiya }} , journal={{IEEE Transactions on}} 57 1 , year={2008} } @incollection{b116, , title={{Seasonal variation in the vulnerability discovery process}} , author={{ HJoh } and { YKMalaiya }} , booktitle={{Proceedings of ICST'09 International Conference on Software Testing Verification and Validation}} ICST'09 International Conference on Software Testing Verification and Validation , publisher={IEEE} , year={2009. 2009} } @book{b117, , title={{Application Security Verification Standard (ASVS)}} , note={Online; accessed 2016-10-8} } @incollection{b118, , title={{It's the psychology stupid: how heuristics explain software vulnerabilities and how priming can illuminate developer's blind spots}} , author={{ DOliveira } and { MRosenthal } and { NMorin } and { K.-CYeh } and { JCappos } and { YZhuang }} , booktitle={{Proceedings of the 30th Annual Computer Security Applications Conference}} the 30th Annual Computer Security Applications Conference , publisher={ACM} , year={2014} } @book{b119, , title={{Using replicated execution for a more secure and reliable web browser}} , author={{ HXue } and { NDautenhahn } and { STKing }} , year={2012} , publisher={NDSS} } @incollection{b120, , title={{Eternal war in memory}} , author={{ LSzekeres } and { MPayer } and { TWei } and { DSong }} , booktitle={{IEEE Symposium on Security and Privacy}} , year={2013} } @incollection{b121, , title={{Multi-module vulnerability analysis of web-based applications}} , author={{ DBalzarotti } and { MCova } and { VVFelmetsger } and { GVigna }} , booktitle={{Proceedings of the 14th ACM conference on Computer and communications security}} the 14th ACM conference on Computer and communications security , publisher={ACM} , year={2007} } @incollection{b122, , title={{State of the art: Automated black-box web application vulnerability testing}} , author={{ JBau } and { EBursztein } and { DGupta } and { JMitchell }} , booktitle={{Proceeding of the 2010 IEEE Symposium on Security and Privacy (SP)}} eeding of the 2010 IEEE Symposium on Security and Privacy (SP) , publisher={IEEE} , year={2010} } @incollection{b123, , title={{Supporting automated vulnerability analysis using formalized vulnerability signatures}} , author={{ MAlmorsy } and { JGrundy } and { ASIbrahim }} , booktitle={{Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering}} the 27th IEEE/ACM International Conference on Automated Software Engineering , publisher={ACM} , year={2012} } @incollection{b124, , title={{Modeling and discovering vulnerabilities with code property graphs}} , author={{ FYamaguchi } and { NGolde } and { DArp } and { KRieck }} , booktitle={{Proceedings of 2014 IEEE Symposium on Security and Privacy (SP)}} 2014 IEEE Symposium on Security and Privacy (SP) , publisher={IEEE} , year={2014} } @incollection{b125, , title={{Vdc-based dynamic code analysis: Application to c programs}} , author={{ WMallouli } and { AMammar } and { ACavalli } and { WJimenez }} , journal={{Journal of Internet Services and Information Security}} 1 2/3 , year={2011} } @book{b126, , title={{Improving software security with precise static and runtime analysis}} , author={{ BLivshits }} , year={2006} Stanford University , note={Ph.D. thesis} } @incollection{b127, , title={{Detecting format string vulnerabilities with type qualifiers}} , author={{ UShankar } and { KTalwar } and { JSFoster } and { DWagner }} , booktitle={{USENIX Security Symposium}} , year={2001} } @incollection{b128, , title={{Proving properties of security protocols by induction}} , author={{ LCPaulson }} , booktitle={{Proceedings of the 10th workshop on Computer Security Foundations}} the 10th workshop on Computer Security Foundations , publisher={IEEE} , year={1997} } @incollection{b129, , title={{A logic of authentication}} , author={{ MBurrows } and { MAbadi } and { RMNeedham }} , journal={{Proceedings of the Royal Society of London A: Mathematical, Physical and Engineering Sciences}} 426 , year={1989} , publisher={The Royal Society} } @book{b130, , author={{ TNipkow } and { LCPaulson } and { MWenzel }} , title={{Isabelle/HOL: a proof assistant for higher-order logic}} , publisher={Springer Science & Business Media} , year={2002} 2283 } @incollection{b131, , title={{Statically detecting likely buffer overflow vulnerabilities}} , author={{ DLarochelle } and { DEvans }} , booktitle={{USENIX Security Symposium}} , editor={ .C ELandwehr ARBull JPMcdermott WSChoi } Washington DC , year={2001. 1994} 32 , note={A taxonomy of computer program security flaws} } @incollection{b132, , title={{Security analysis and enhancements of computer operating systems}} , author={{ RPAbbott } and { JSChin } and { JEDonnelley } and { WLKonigsford } and { STokubo } and { DAWebb }} NBSIR-76- 1041 , booktitle={{National bureau of standards Washington inst for computer sciences and technology}} , year={1976} , note={Technical report} } @book{b133, , author={{ RBisbey } and { DHollingworth }} , title={{Protection analysis: Final report}} , year={1978} } @incollection{b134, , author={{ PAnderson }} , booktitle={{Codesurfer/path inspector, Proceeding of the 20th IEEE International Conference on Software Maintenance}} , year={2004. 2004} } @incollection{b135, , title={{Software verification with blast}} , author={{ TAHenzinger } and { RJhala } and { RMajumdar } and { GSutre }} , booktitle={{Model Checking Software}} , publisher={Springer} , year={2003} } @book{b136, , author={{ SRawat } and { DCeara } and { LMounier } and { M.-LPotet }} arXiv:1305.3883 , title={{Combining static and dynamic analysis for vulnerability detection}} , note={arXiv preprint} } @incollection{b137, , title={{Security in open versus closed system the dance of boltzmann, coase and moore}} , author={{ RAnderson }} , journal={{Open Source Software Economics}} } @incollection{b138, , title={{Is finding security holes a good idea?}} , author={{ ERescorla }} , booktitle={{Security & Privacy}} , year={2005} 3 } @incollection{b139, , title={{A logarithmic poisson execution time model for software reliability measurement}} , author={{ JDMusa } and { KOkumoto }} , booktitle={{Proceedings of the 7 th i nternational conference on Software engineering}} the 7 th i nternational conference on Software engineering , publisher={IEEE Press} , year={1984} } @incollection{b140, , title={{Simulation of built-in php features for precise static code analysis}} , author={{ JDahse } and { THolz }} , booktitle={{Symposium on Network and Distributed System Security (NDSS)}} , year={2014} }