|
Runtime Error Detection
Runtime error detection is a software verification method that analyzes a software application as it executes and reports defects that are detected during that execution. It can be applied during unit testing, component testing, integration testing, system testing (automated/scripted or manual), or penetration testing. Runtime error detection can identify defects that manifest themselves only at runtime (for example, file overwrites) and zeroing in on the root causes of the application crashing, running slowly, or behaving unpredictably. Defects commonly detected by runtime error detection include: * Race conditions * Exceptions * Resource leaks * Memory leaks * Security attack vulnerabilities (e.g., SQL injection) * Null pointers * Uninitialized memory * Buffer overflows Runtime error detection tools can only detect errors in the executed control flow of the application. [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Software Verification
Software verification is a discipline of software engineering whose goal is to assure that software fully satisfies all the expected requirements. Broad scope and classification A broad definition of verification makes it equivalent to software testing. In that case, there are two fundamental approaches to verification: * ''Dynamic verification'', also known as experimentation, dynamic testing or, simply testing. - This is good for finding faults ( software bugs). * ''Static verification'', also known as analysis or, static testing - This is useful for proving the correctness of a program. Although it may result in false positives when there are one or more conflicts between the process a software really does and what the static verification assumes it does. Dynamic verification (Test, experimentation) Dynamic verification is performed during the execution of software, and dynamically checks its behavior; it is commonly known as the Test phase. Verification is a Review Pr ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
SQL Injection
In computing, SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. In a 2012 study, it was observed that the avera ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
BoundsChecker
BoundsChecker is a memory checking and API call validation tool used for C++ software development with Microsoft Visual C++. It was created by NuMega in the early 1990s. When NuMega was purchased by Compuware in 1997, BoundsChecker became part of a larger tool suite, DevPartner Studio. Micro Focus purchased the product line from Compuware in 2009. Comparable tools include Purify, Insure++ and Valgrind. BoundsChecker may be run in two distinct modes: ActiveCheck, which will work against any application as is, or FinalCheck, which makes use of instrumentation added to the application when it is built. ActiveCheck performs a less intrusive analysis and monitors all calls by the application to the C Runtime Library, Windows API and calls to COM objects. By monitoring memory allocations and releases, it can detect memory leaks and overruns. Monitoring API and COM calls enables ActiveCheck to check parameters, returns and exceptions and report exceptions when they occur. Thread ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Memory Debugger
Memory is the faculty of the mind by which data or information is encoded, stored, and retrieved when needed. It is the retention of information over time for the purpose of influencing future action. If past events could not be remembered, it would be impossible for language, relationships, or personal identity to develop. Memory loss is usually described as forgetfulness or amnesia. Memory is often understood as an informational processing system with explicit and implicit functioning that is made up of a sensory processor, short-term (or working) memory, and long-term memory. This can be related to the neuron. The sensory processor allows information from the outside world to be sensed in the form of chemical and physical stimuli and attended to various levels of focus and intent. Working memory serves as an encoding and retrieval processor. Information in the form of stimuli is encoded in accordance with explicit or implicit functions by the working memory processo ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Software Testing
Software testing is the act of examining the artifacts and the behavior of the software under test by validation and verification. Software testing can also provide an objective, independent view of the software to allow the business to appreciate and understand the risks of software implementation. Test techniques include, but not necessarily limited to: * analyzing the product requirements for completeness and correctness in various contexts like industry perspective, business perspective, feasibility and viability of implementation, usability, performance, security, infrastructure considerations, etc. * reviewing the product architecture and the overall design of the product * working with product developers on improvement in coding techniques, design patterns, tests that can be written as part of code based on various techniques like boundary conditions, etc. * executing a program or application with the intent of examining behavior * reviewing the deployment infrastructure a ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Parasoft
Parasoft (officially Parasoft Corporation) is an independent software vendor specializing in automated software testing and application security with headquarters in Monrovia, California. It was founded in 1987 by four graduates of the California Institute of Technology who planned to commercialize the parallel computing software tools they had been working on for the Caltech Cosmic Cube, which was the first working hypercube computer built. During the 90's, Parasoft leveraged technology in their parallel software toolkit to create software test automation tools for traditional software development as well as parallel. Starting with runtime error detection for C and C++ with their Insure++ product, they also added capabilities for static code analysis, unit testing, and ultimately expanded to include application security, functional testing, and service virtualization. Technologies Parasoft develops automated defect prevention technologies that support the Automated Defect P ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Buffer Overflow
In information security and programming, a buffer overflow, or buffer overrun, is an anomaly whereby a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations. Buffers are areas of memory set aside to hold data, often while moving it from one section of a program to another, or between programs. Buffer overflows can often be triggered by malformed inputs; if one assumes all inputs will be smaller than a certain size and the buffer is created to be that size, then an anomalous transaction that produces more data could cause it to write past the end of the buffer. If this overwrites adjacent data or executable code, this may result in erratic program behavior, including memory access errors, incorrect results, and crashes. Exploiting the behavior of a buffer overflow is a well-known security exploit. On many systems, the memory layout of a program, or the system as a whole, is well defined. By sending in data designed to ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Memory Corruption
Memory corruption occurs in a computer program when the contents of a memory location are modified due to programmatic behavior that exceeds the intention of the original programmer or program/language constructs; this is termed as violation of memory safety. The most likely causes of memory corruption are programming errors (software bugs). When the corrupted memory contents are used later in that program, it leads either to program crash or to strange and bizarre program behavior. Nearly 10% of application crashes on Windows systems are due to heap corruption.{{Cite web, last=Radich, first=Q., last2=Sherer, first2=T., last3=Sharkey, first3=K., last4=Batchelor, first4=D., last5=Kennedy, first5=J. T., last6=Mabee, first6=D., last7=Coulter, first7=D., last8=Michael, first8=S., date=28 April 2021, title=Application Verifier (Windows 7 and Windows Server 2008 R2 Application Quality Cookbook) - Win32 apps, publisher=Microsoft Developer Network, url=https://docs.microsoft.com/en-us/w ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Null Pointer
In computing, a null pointer or null reference is a value saved for indicating that the pointer or reference does not refer to a valid object. Programs routinely use null pointers to represent conditions such as the end of a list of unknown length or the failure to perform some action; this use of null pointers can be compared to nullable types and to the ''Nothing'' value in an option type. A null pointer should not be confused with an uninitialized pointer: a null pointer is guaranteed to compare unequal to any pointer that points to a valid object. However, depending on the language and implementation, an uninitialized pointer may not have any such guarantee. It might compare equal to other, valid pointers; or it might compare equal to null pointers. It might do both at different times; or the comparison might be undefined behaviour. C In C, two null pointers of any type are guaranteed to compare equal. The preprocessor macro NULL is defined as an implementation-defin ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Vulnerability (computing)
Vulnerabilities are flaws in a computer system that weaken the overall security of the device/system. Vulnerabilities can be weaknesses in either the hardware itself, or the software that runs on the hardware. Vulnerabilities can be exploited by a threat actor, such as an attacker, to cross privilege boundaries (i.e. perform unauthorized actions) within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerabilities are also known as the attack surface. Vulnerability management is a cyclical practice that varies in theory but contains common processes which include: discover all assets, prioritize assets, assess or perform a complete vulnerability scan, report on results, remediate vulnerabilities, verify remediation - repeat. This practice generally refers to software vulnerabilities in computing systems. Agile vulnerability management refers preventing attacks ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Software Bug
A software bug is an error, flaw or fault in the design, development, or operation of computer software that causes it to produce an incorrect or unexpected result, or to behave in unintended ways. The process of finding and correcting bugs is termed "debugging" and often uses formal techniques or tools to pinpoint bugs. Since the 1950s, some computer systems have been designed to deter, detect or auto-correct various computer bugs during operations. Bugs in software can arise from mistakes and errors made in interpreting and extracting users' requirements, planning a program's design, writing its source code, and from interaction with humans, hardware and programs, such as operating systems or libraries. A program with many, or serious, bugs is often described as ''buggy''. Bugs can trigger errors that may have ripple effects. The effects of bugs may be subtle, such as unintended text formatting, through to more obvious effects such as causing a program to crash, freezing th ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
