(Dynamic) Security Testing and Exploit Generation
International School, University of Salerno, Avellino, Italy. June 16, 2025.
Lecture Abstract
Security Testing aims to evaluate the degree to which a test item, e.g., an application or a class method, is protected from unauthorized access (use, read, or modification) and only permits authorized parties to access it. In addition to the widely spread tools based on code static analysis, dynamic testing techniques can uncover security weaknesses by running some parts of the tested application.
This talk provides an overview of the main dynamic security testing approaches, namely vulnerability scanning, fuzzing, penetration testing, and code-level testing. Then, it zooms into the state of the art in automated code-level security test generation, showing the current methodological and technological trends. Afterwards, it relates the world of security testing to the more established automated exploit generation and presents its recent advances.
The talk concludes by showing the limitations of existing approaches and providing research directions for future development in this field.