A Call for Mandatory Input Validation and Fuzz Testing-Reference-Cited by-同舟云学术

A Call for Mandatory Input Validation and Fuzz Testing

Published:2023-04-19 Issue: Volume: Page:
ISSN:0929-6212
Container-title:Wireless Personal Communications
language:en
Short-container-title:Wireless Pers Commun

Author:

Køien Geir M.^ORCID,Øverlier Lasse

Abstract

AbstractThe on-going digitalization of our critical infrastructures is progressing fast. There is also a growing trend of serious and disrupting cyber-attacks. The digital services are often fragile, and with many weaknesses and vulnerabilities. This makes exploiting and attacking the services a little too easy. If the services verifies all inputs, many security threats will be avoided. Similarly, if one diligently tests the services with malformed inputs, one will uncover many security and software quality problems. In this paper we investigate “input validation” and “fuzz testing” as a means to improve security. The aim is not exhaustive coverage, but to provide indications of usefulness and to serve as a call for action.

Funder

University Of South-Eastern Norway

Publisher

Springer Science and Business Media LLC

Subject

Electrical and Electronic Engineering,Computer Science Applications

Link

https://link.springer.com/content/pdf/10.1007/s11277-023-10431-2.pdf

Reference28 articles.

1. Spafford, E. H. (1989). Crisis and aftermath. Communications of the ACM, 32(6), 678–687.

2. One, Aleph. (1996). Smashing the stack for fun and profit. Phrack Magazine, 7(49), 14–16.

3. Butt, M. A., Ajmal, Z., Khan, Z. I., Idrees, M., & Javed, Y. (2022). An in-depth survey of bypassing buffer overflow mitigation techniques. Applied Sciences, 12, 6702.

4. Kaur, J., & Garg, U. (2022). State-of-the-art survey on web vulnerabilities, threat vectors, and countermeasures, 3–17. Springer Singapore.

5. Di Zio, M., et al. (2016). Methodology for data validation 1.0. Essnet Validat Foundation.

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Generative AI for Threat Hunting and Behaviour Analysis;Advances in Digital Crime, Forensics, and Cyber Terrorism;2024-09-13