A Systematic Literature Review on Automated Exploit and Security Test Generation
Quang-Cuong Bui, Emanuele Iannone, Maria Camporese, Torge Hinrichs, Catherine Tony, László Tóth, Fabio Palomba, Péter Hegedűs, Fabio Massacci, Riccardo Scandariato

TL;DR
This systematic review analyzes various techniques for automated exploit and security test generation, highlighting their focus areas, usability, and the scarcity of publicly available tools, to aid researchers and practitioners.
Contribution
It categorizes existing exploit generation techniques, evaluates their practical usability, and identifies gaps such as limited publicly available tools.
Findings
Most techniques target memory vulnerabilities in C/C++.
Many focus on web injection vulnerabilities in PHP and Java.
Few studies provide publicly accessible tools.
Abstract
The exploit or the Proof of Concept of the vulnerability plays an important role in developing superior vulnerability repair techniques, as it can be used as an oracle to verify the correctness of the patches generated by the tools. However, the vulnerability exploits are often unavailable and require time and expert knowledge to craft. Obtaining them from the exploit generation techniques is another potential solution. The goal of this survey is to aid the researchers and practitioners in understanding the existing techniques for exploit generation through the analysis of their characteristics and their usability in practice. We identify a list of exploit generation techniques from literature and group them into four categories: automated exploit generation, security testing, fuzzing, and other techniques. Most of the techniques focus on the memory-based vulnerabilities in C/C++…
Taxonomy
Topics: Technology and Data Analysis
