Ask HN: Logical Vulnerability Discovery?
I understand fuzzing is bombarding with malformed or corner-case inputs. But are there tools that, given target source and language model, will systematically pinpoint (at least some) logical vulnerabilities ?
User list[10];
int id = read(input);
print(list[id]); // WARN unbounded user-controlled index !
6 comments
[ 0.21 ms ] story [ 32.8 ms ] threadI was rather thinking of a specialized scanner (say only for C sources) that just looks for definite classes of vulns, not necessarily scriptable.
http://man.he.net/man1/perlsec
It is not exactly what you are looking for, but I am not aware of anything else that matches what you want.
https://en.wikipedia.org/wiki/Symbolic_execution