Questions tagged [dynamic-analysis]

13 questions
5 votes, 2 answers

Fuzzing versus Symbolic Execution -- what's the difference?

Fuzzing, per a current Wikipedia definition is defined the following way: Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is…
Bradley Evans
4 votes, 2 answers

Can results from DAST (Dynamic Application Security Testing) tools be false positive?

I know results from Static Application Security Testing (SAST) can be false positives or real and it is up to the security analyst and developer to decide which vulnerability is real based on the scenario and context. Is the same applicable to DAST…
Puja
3 votes, 1 answer

What is the relationship between HTTP response codes and successful execution of XSS attacks?

What is the relationship between HTTP response codes and successful execution of XSS attacks? For e.g I am using a commercial vulnerability scanner that reports XSS vulnerability found in a certain web page. It further describes the attack by…
Puja
3 votes, 1 answer

Is it possible to make my host completely safe from the virtual machine (where I will do malware analysis)?

I am using Windows 10 Home edition (Fall creators update), 750 GB HDD. I use Oracle VirtualBox, and I have two virtual machines there: Windows 7 (32 bit) and Ubuntu 14.04.5. I will do malware-analysis inside the virtual machines. I will run malwares…
danver
2 votes, 3 answers

How do you test security tools

I am planning to purchase a security tool like Fortify, or SonarQube or Snyk. How do you evaluate if the scanner really picks up static vulnerabilities and malware, as well as runtime attacks? Any good docker image sample which contains good malware…
2 votes, 0 answers

Creating a dynamic malware analysis environment

I have analysed a shortcut virus statically and its impact on USB drives and wrote a code to repair its damage. My static analysis of this malware on USB drives: It creates shortcuts for all folders and files present in my removable drive. In order…
1 vote, 2 answers

VeraCode static code scan reports "Improper Neutralization of CRLF Sequences in HTTP Headers" for frontend code

I have the following code in my frontend JavaScript which basically reads the CSRF cookie value and sets that in the AJAX calls done via jQuery. var csrftoken = self.getCookie('csrftoken'); xhr.setRequestHeader("X-CSRFToken",…
1 vote, 1 answer

VeraCode static code scan of Django view reports "External control of Filename or Path" on render method

Veracode is reporting a security issue on a piece of code which seems pretty innocuous to me. The code is built with Python/Django and the line in question is: return render(request, 'core/create-user.html', context) The render shortcut for Django…
1 vote, 1 answer

Is it correct to say that AVs use the same signature-based detection methods in emulation as they do on static binaries?

Many malwares can be packed or encrypted and AVs will emulate their execution to allow them to unpack or decrypt themselves. Once they do, are AVs simply using the same hashing or pattern-matching techniques that they would use on a static binary or…
chillsauce
1 vote, 1 answer

Malware Execution Delay

I am new to malware analysis and am currently using Cuckoo to understand some of the basics. I am trying to figure the time that the malware delays its initial executions. I found a functional call NtDelayExecution in the API/System calls that had…
cosmicrao
1 vote, 1 answer

Extract URLs from obfuscated Android malware

Working on Android malwares, I have faced many Android malwares that typically contain URLs which are bank phishing pages. This type of malware is growing in number so an automated detection system is really needed. The very first step to detect…
0 votes, 2 answers

Dynamic Application Security Testing (DAST) Scanner for Post Authentication

I am wondering if anyone knows of a DAST scanner that can either take in an authenticated request from somewhere like Burp, OR some DAST software that takes username and password and then runs DAST scans against the target. I've used a ton of DAST…
Jshee
0 votes, 1 answer

Adding Floating point operations to fuzzing?

While analysing a software testing paper I read: "We plan to add floating-point operations in order to extend fuzz testing capability." What kind of benefits can I expect from adding floating point operations to fuzzing techniques? What are the…
Ali