Learn EDR Internals: Research & Development From The Masters
Stuck in Tutorial Hell? Learn Backend Dev the Right Way
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore the innovative LAVA (Large-scale Automated Vulnerability Addition) technique for generating ground-truth vulnerability corpora in this IEEE Symposium on Security & Privacy conference talk. Delve into the challenges of automating vulnerability discovery and the importance of having reliable datasets for evaluating security tools. Learn how LAVA uses dynamic taint analysis to inject realistic bugs into program source code, accompanied by triggering inputs. Discover the application of LAVA to eight real-world programs, including bash and tshark, and examine the preliminary evaluation results of prominent fuzzing and symbolic execution-based bug finders. Gain insights into the potential of LAVA for creating on-demand vulnerability corpora, enabling rigorous tool evaluation and providing high-quality targets for security tool developers.
Syllabus
Intro
Vulnerability discovery
Vulnerability corpora
Sources
Concept
Panda
Liveness
Graphs
Architecture
Example
LavaMcorpora
Realism
Summary
Taught by
IEEE Symposium on Security and Privacy