Применение технологий символьно-конкретного тестирования и машинного обучения для автоматизации обнаружения уязвимостей программного обеспечения

Abstract

Security testing is important stage of software development life cycle. However, security testing requires considerable time from highly skilled security experts. The aim of the article is to describe techniques for reducing the number of false positives and false negatives in the automation vulnerability disclosure process. This paper is about an approach for software vulnerabilities discovery using concolic testing and machine learning techniques. Machine learning techniques are used to reduce the number of execution paths during concolic testing. This approach can be used to automate security testing. In this paper, security test cases and traces of previous version of software and similar software are used for training dataset for our models. This scheme of automation vulnerability disclosure will be used to build automation security testing system of software.