Oracle Corporation
Guided security analysis

Abstract:

A method may include generating a callgraph by performing a static analysis of code that includes event handlers, selecting, using the callgraph, a state of the code, and selecting, using the callgraph, an event enabled in the selected state. The event corresponds to an event handler. The method may further include obtaining an input, obtaining a next state by executing the event handler with the obtained input in the selected state, in response to executing the event handler, generating an input modification rule using the obtained input, and generating, using the input modification rule and the obtained input, a modified input that bypasses a guard in the code that controls access to the point of interest.

Status:

Grant

Type:

Utility

Filing date:

29 Jan 2019

Issue date:

2 Nov 2021