Vulnerability Detection
软件工程小施同学
Blockchain, DevOps, mini programs, software engineering
What is a linter
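A linter is a small tool that checks code style and errors. Its purpose is to improve code quality and make it easy to catch typos. It is similar to the spell checker in Word, except that Word checks natural language while a linter checks code. https://www.zhihu.com/question/28421865...
Original · 2021-04-13 09:30:11 · 887 views · 0 comments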
What is TLA+
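When designing a system, I usually think it through and then roll up my sleeves and start writing code. Once it is written, I add a lot of tests to ensure its correctness. But in fact I cannot guarantee that the design is completely correct. That is, my implementation meets the system's requirements, but some corner cases may not have been fully considered. Also, although many tests can be written afterwards, they will not necessarily cover all branches. So, to better ensure the correctness of the design, we need to use TLA+ or other similar tools. TLA+ is a formal specification language (formal specification l.
Original · 2021-04-08 16:08:36 · 1306 views · 3 comments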
Vulnerability detection: What is fuzzing (fuzz testing)
Fuzzing (Sutton et al. 2007) is currently the most popular vulnerability discovery technique. Fuzzing was first proposed by Barton Miller at the University of Wisconsin in the 1990s. Conceptually, a fuzzing test starts with generating massive normal a
Original · 2021-03-28 22:01:33 · 594 views · 0 comments
Vulnerability detection: What is symbolic execution
Symbolic execution (King 1976) is another vulnerability discovery technique that is considered to be very promising. By symbolizing the program inputs, symbolic execution maintains a set of constraints for each execution path.
Original · 2021-03-28 21:20:39 · 987 views · 0 comments
Vulnerability analysis: What is dynamic analysis
In contrast to static analysis, in dynamic analysis of programs an analyst needs to execute the target program in real systems or emulators (Wikipedia 2017). By monitoring the running states and analyzing the runtime knowledge, dynamic analysis tools can d
Original · 2021-03-27 22:55:53 · 1258 views · 1 comment
Vulnerability detection: What is static analysis
Static analysis is the analysis of programs that is performed without actually executing the programs (Wichmann et al. 1995). Instead, static analysis is usually performed on the source code and sometimes on the object code as well. By analysis on the lexi
Original · 2021-03-27 22:48:49 · 996 views · 1 comment