JChainz: Automatic Detection of Deserialization Vulnerabilities for the Java Language

Cited by: 0
Authors
Buccioli, Luca [1]
Cristalli, Stefano [3]
Vignati, Edoardo [1]
Nava, Lorenzo [3]
Badagliacca, Daniele [1]
Bruschi, Danilo [1]
Lu, Long [2]
Lanzi, Andrea [1]
Affiliations
[1] University of Milan, Milan, Italy
[2] Northeastern University, Boston, United States
[3] Security Pattern Inc., Milan, Italy
Keywords
Compendex;
DOI
Not available
Abstract
Java programming language
Pages: 136 - 155
Related papers
50 in total
  • [1] Java Deserialization Vulnerabilities and Mitigations
    Seacord, Robert C.
    2017 IEEE CYBERSECURITY DEVELOPMENT (SECDEV), 2017, : 6 - 7
  • [2] Tabby: Automated Gadget Chain Detection for Java Deserialization Vulnerabilities
    Chen, Xingchen
    Wang, Baizhu
    Jin, Ze
    Feng, Yun
    Li, Xianglong
    Feng, Xincheng
    Liu, Qixu
    2023 53RD ANNUAL IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS, DSN, 2023, : 179 - 192
  • [3] Analyzing Prerequisites of known Deserialization Vulnerabilities on Java Applications
    Kreyssig, Bruno
    Bartel, Alexandre
    PROCEEDINGS OF 2024 28TH INTERNATIONAL CONFERENCE ON EVALUATION AND ASSESSMENT IN SOFTWARE ENGINEERING, EASE 2024, 2024, : 28 - 37
  • [4] An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities
    Sayar, Imen
    Bartel, Alexandre
    Bodden, Eric
    Le Traon, Yves
    ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY, 2023, 32 (01)
  • [5] ODDFUZZ: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing
    Cao, Sicong
    He, Biao
    Sun, Xiaobing
    Ouyang, Yu
    Zhang, Chao
    Wu, Xiaoxue
    Su, Ting
    Bo, Lili
    Li, Bin
    Ma, Chuanlei
    Li, Jiajia
    Wei, Tao
    2023 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, SP, 2023, : 2726 - 2743
  • [6] ODDFuzz: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing
    Yangzhou University, China
    Unknown
    Unknown
    Unknown
    Proc. IEEE Symp. Secur. Privacy, (2726-2743):
  • [7] ODDFUZZ: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing
    Cao, Sicong
    He, Biao
    Sun, Xiaobing
    Ouyang, Yu
    Zhang, Chao
    Wu, Xiaoxue
    Su, Ting
    Bo, Lili
    Li, Bin
    Ma, Chuanlei
    Li, Jiajia
    Wei, Tao
    arXiv, 2023,
  • [8] Enhancing Automated Detection of Vulnerabilities in Java Components
    Parrend, Pierre
    2009 INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY (ARES), VOLS 1 AND 2, 2009, : 216 - 223
  • [9] Automatic Repair of Java Code with Timing Side-Channel Vulnerabilities
    Lima, Rui
    Ferreira, Joao F.
    Mendes, Alexandra
    2021 36TH IEEE/ACM INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING WORKSHOPS (ASEW 2021), 2021, : 1 - 8
  • [10] Static detection of logic vulnerabilities in Java web applications
    Fang, Zhejun
    Zhang, Yuqing
    Kong, Ying
    Liu, Qixu
    SECURITY AND COMMUNICATION NETWORKS, 2014, 7 (03) : 519 - 531