CIS 4615 meeting -*- Outline -*-

* dynamic analysis tools

** two purposes

------------------------------------------
  TWO KINDS OF DYNAMIC ANALYSIS TOOLS

1. For vulnerability analysis

   code implementation problems

   attempts to find:
     - XSS
     - buffer overruns
     - format strings
     - integer overflow
     - command injection
     - information leakage
     - poor usability
     - too much privilege
     - failure to protect stored data
     - sins of mobile code
     - failing to protect network traffic
     - improper use of PKI and SSL
     - trusting network name resolution

2. For investigating possible malware

   finds information about a program:
     - see registry, file, network, process,
       and thread activity
     - what DLLs it uses
     - what DNS and network traffic
     - what internet services it uses
------------------------------------------

     Q: Will a dynamic vulnerability analysis find design flaws?

        No, it is harder to "see" the design

     Q: Is it possible to miss some behaviors?

        Yes, depends on inputs...

     Q: Will a tool tell if a program is malware?

        Not definitively, its behavior is key
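
Added example (not part of the original course notes): a toy dynamic checker illustrating the second question above, that what a dynamic analysis reports depends on the inputs it is run with. The record format, guard bytes, and both test corpora are constructed for illustration.

```python
# Toy dynamic analysis: run a target on concrete inputs with guard bytes
# placed after its buffer, and report the inputs that disturb the guard.
# Everything here (record format, names, inputs) is constructed for the example.

BUF_SIZE = 8
CANARY = b"\xde\xad\xbe\xef"      # guard bytes placed right after the buffer
SLACK = 256                       # keeps the simulated memory itself in bounds


def parse_record(mem: bytearray, record: bytes) -> None:
    """Target under test: [1-byte length][payload] copied into an 8-byte buffer.

    Deliberate bug: the copy trusts the length field instead of BUF_SIZE.
    """
    length = record[0]
    payload = record[1:1 + length]
    for i, b in enumerate(payload):
        mem[i] = b                # no bounds check against BUF_SIZE


def run_instrumented(record: bytes) -> bool:
    """Execute the target once; return True if the guard bytes were overwritten."""
    mem = bytearray(BUF_SIZE) + CANARY + bytearray(SLACK)
    parse_record(mem, record)
    return bytes(mem[BUF_SIZE:BUF_SIZE + len(CANARY)]) != CANARY


def analyze(corpus):
    """Return the inputs on which the dynamic check fired."""
    return [r for r in corpus if run_instrumented(r)]


# Constructed corpora: ordinary functional tests never exceed the buffer,
# so the overrun is only observed once boundary cases are added.
FUNCTIONAL_TESTS = [b"\x03abc", b"\x08abcdefgh", b"\x00"]
WITH_BOUNDARY_CASES = FUNCTIONAL_TESTS + [b"\x09abcdefghi", b"\x0cabcdefghijkl"]

if __name__ == "__main__":
    print("functional tests flagged:   ", analyze(FUNCTIONAL_TESTS))
    print("with boundary cases flagged:", analyze(WITH_BOUNDARY_CASES))
```

The same buggy target produces a clean report under the first corpus and two findings under the second; the tool did not change, only the inputs did.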