Problems of Automated Generation of Exploits on the Basis of Source Code
Authors: Sergey Plekhov and Alexey Moskvin
Automated exploit generation and source code analysis each have their own difficulties. With static analysis alone, one can neither observe how an application interacts with its database, nor analyze obfuscated code, nor reveal vulnerabilities caused by system misconfiguration. Dynamic analysis, on the other hand, requires the application to be deployed (installed and configured), which is hard to achieve when the application is a complex enterprise solution. Moreover, a number of vulnerabilities cannot be detected by fuzzing (dynamic analysis) at all. In practice, neither static nor dynamic analysis gives complete code coverage or reveals every vulnerability. Static analysis produces a large number of false positives, which devalues the resulting reports if the detected vulnerabilities cannot be verified. The authors present results obtained with an approach that combines static and dynamic analysis, which makes it possible not only to detect vulnerabilities but also to generate exploits for them.
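To make the combined approach concrete, the following script is an added illustration written for this page; it is not the speakers' tool and does not reproduce their method. It runs a deliberately naive static taint pass over a small constructed sample application (three functions embedded in the script as a string, not code from the talk), then verifies each static finding dynamically by executing the flagged function against a throwaway in-memory SQLite database with a benign input and an injection payload. The result shows the point of the abstract: the static pass alone flags both the genuinely injectable query and a guarded one it cannot see through, while the dynamic step keeps only the finding for which a working exploit input actually exists. Function names, the sample code and the payload are all assumptions chosen for the example.

```python
import ast
import sqlite3

# Constructed sample "application" source (an assumption for this example, not
# the speakers' code): one real SQL injection, one parameterised query, and one
# concatenation guarded by a check that a naive static pass cannot see through.
SAMPLE_APP = '''
def lookup_user(db, username):
    query = "SELECT id FROM users WHERE name = '" + username + "'"
    return db.execute(query).fetchall()

def lookup_user_safe(db, username):
    query = "SELECT id FROM users WHERE name = ?"
    return db.execute(query, (username,)).fetchall()

def lookup_user_checked(db, username):
    if not username.isalnum():
        raise ValueError("bad username")
    query = "SELECT id FROM users WHERE name = '" + username + "'"
    return db.execute(query).fetchall()
'''

SINKS = {"execute"}  # method names treated as SQL sinks


def _tainted(node, tainted):
    """True if any Name in the expression subtree is in the tainted set."""
    return any(isinstance(n, ast.Name) and n.id in tainted for n in ast.walk(node))


def static_findings(source):
    """Naive intraprocedural taint pass: every parameter is a source, any value
    assigned from a tainted name becomes tainted, and a tainted first argument
    to a sink call is a finding. Returns the names of the flagged functions.
    Deliberately ignores validation such as isalnum(), so it over-reports."""
    findings = []
    for func in ast.parse(source).body:
        if not isinstance(func, ast.FunctionDef):
            continue
        tainted = {a.arg for a in func.args.args}
        # ast.walk is breadth-first, so top-level assignments are seen before
        # the calls nested inside later statements of the same body.
        for node in ast.walk(func):
            if isinstance(node, ast.Assign) and _tainted(node.value, tainted):
                tainted |= {t.id for t in node.targets if isinstance(t, ast.Name)}
            if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                    and node.func.attr in SINKS and node.args
                    and _tainted(node.args[0], tainted)):
                findings.append(func.name)
                break
    return findings


def dynamic_verify(source, func_name, benign="nobody", payload="x' OR '1'='1"):
    """Load the sample code, run the flagged function against a throwaway
    database with a benign input and an injection payload, and classify the
    finding by what the payload actually did:
      'confirmed'       - the payload changed the result set or broke the SQL
                          statement, so it reached the query unescaped
      'rejected'        - application-level validation refused the input
      'not_exploitable' - the payload was handled as plain data"""
    ns = {}
    exec(compile(source, "<sample_app>", "exec"), ns)
    db = sqlite3.connect(":memory:")
    db.executescript("CREATE TABLE users(id INTEGER, name TEXT);"
                     "INSERT INTO users VALUES (1, 'alice'), (2, 'bob');")
    f = ns[func_name]
    baseline = f(db, benign)  # no user named 'nobody', so this is []
    try:
        attacked = f(db, payload)
    except sqlite3.Error:
        return "confirmed"    # spliced into the statement unescaped; payload needs tuning
    except Exception:
        return "rejected"     # the application's own check blocked the input
    return "confirmed" if attacked != baseline else "not_exploitable"


def triage(source=SAMPLE_APP):
    """Static pass followed by dynamic verification of each static finding."""
    return {name: dynamic_verify(source, name) for name in static_findings(source)}


if __name__ == "__main__":
    for name, status in triage().items():
        print(f"{name}: {status}")
```

Running the script reports `lookup_user` as confirmed and `lookup_user_checked` as rejected: the static pass on its own would have listed both, and only executing the candidate input separates the real vulnerability from the false positive. `lookup_user_safe` is never flagged, because the query string assigned there is a constant and the user input travels only as a bound parameter.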
Sergey Plekhov is a leading expert at Positive Technologies. He specializes in security analysis of application source code using static and dynamic methods.
Alexey Moskvin is a security expert at Positive Technologies. He specializes in application source code analysis.