Fraunhofer-Gesellschaft
October 29, 2024
Conference Paper
Title

Enhancing Software Security Analysis: Targeted Test Case Generation through Constraint Solving in Interactive Application Security Testing

Abstract
Interactive Application Security Testing (IAST) is an innovative approach to improving software security assessment by combining the strengths of static and dynamic analysis, offering a more comprehensive and accurate assessment. This hybrid approach enables the identification of true positives resulting from static analysis, via confirmation through dynamic analysis. This paper presents techniques for generating specific test cases to verify static analysis findings by employing constraint-solving. Given the necessity for enhanced efficiency and accuracy in vulnerability identification in resource-constrained environments, such as embedded systems, where memory management issues are a significant vulnerability, our solution will concentrate on C code applications. Accordingly, one particular challenge that will be addressed is how to deal with pointers and memory management during the constraints collection. Furthermore, we will introduce methods that are used to handle external function calls - which pose a particular challenge because their source code is usually not available - and to cope with the state explosion problem through the early detection of paths that do not require further exploration.
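The abstract describes three mechanisms: collecting path constraints up to a statement that static analysis flagged and solving them for a concrete input, modelling external calls whose source is unavailable, and discarding infeasible paths early to limit state explosion. The following Python sketch is an added illustration of those ideas and is not the authors' tool or code from the paper. It assumes a hand-built branch tree mirroring a small constructed C function (a real tool would derive this from the source), a bounded enumeration over a small integer domain standing in for an SMT solver, an external `strlen` modelled as a fresh symbolic value with only a range constraint, and the `src` pointer abstracted solely through that length. The finding names, variable names and the target function are invented for the example.

```python
from dataclasses import dataclass
from itertools import product
from typing import Callable, Dict, List, Optional, Tuple, Union

Env = Dict[str, int]
Constraint = Tuple[str, Callable[[Env], bool]]  # (readable form, predicate over symbolic inputs)

DOMAIN = range(0, 32)  # bounded integer domain the toy solver enumerates (assumption of this example)


def solve(constraints: List[Constraint], variables: List[str]) -> Optional[Env]:
    """Bounded model finder standing in for an SMT solver: return an assignment
    satisfying every constraint, or None when the conjunction is infeasible."""
    for values in product(DOMAIN, repeat=len(variables)):
        env = dict(zip(variables, values))
        if all(pred(env) for _, pred in constraints):
            return env
    return None


def negate(c: Constraint) -> Constraint:
    text, pred = c
    return (f"!({text})", lambda env: not pred(env))


# Program nodes: a hand-built tree mirroring the branches of the constructed C target below.
@dataclass
class Return:
    pass

@dataclass
class Sink:            # statement flagged by static analysis
    finding: str
    bug: Constraint    # condition under which the flagged statement is actually unsafe

@dataclass
class External:        # call whose body is unavailable (e.g. strlen): fresh symbolic result
    result: str
    lo: int
    hi: int
    next: "Node"

@dataclass
class Branch:
    cond: Constraint
    then: "Node"
    otherwise: "Node"

Node = Union[Return, Sink, External, Branch]


def explore(node: Node, constraints: List[Constraint], variables: List[str], report: dict) -> None:
    """Depth-first path exploration that collects constraints and solves them at each sink."""
    if isinstance(node, Return):
        return
    if isinstance(node, External):
        lo, hi, r = node.lo, node.hi, node.result
        rng = (f"{lo} <= {r} <= {hi}", lambda env: lo <= env[r] <= hi)
        explore(node.next, constraints + [rng], variables + [r], report)
        return
    if isinstance(node, Sink):
        witness = solve(constraints + [node.bug], variables)   # path constraints + bug condition
        if witness is None:
            report["false_positives"].append(node.finding)     # flagged, but unreachable in an unsafe state
        else:
            report["confirmed"][node.finding] = witness        # concrete test input for the finding
        return
    for child, cond in ((node.then, node.cond), (node.otherwise, negate(node.cond))):
        path = constraints + [cond]
        if solve(path, variables) is None:                     # early pruning: no input reaches this path
            report["pruned"].append(" && ".join(t for t, _ in path))
            continue
        explore(child, path, variables, report)


# Constructed target (not from the paper), with findings a static analyser might raise:
#   void process(const char *src, int mode) {
#       char buf[16];
#       size_t n = strlen(src);          // external: modelled as fresh symbolic n in [0, 31]
#       if (mode == 1) {
#           if (n > 24) return;          // too weak for a 16-byte buffer
#           if (n > 28) memcpy(buf, src, n);   // FINDING-C: dead code under n <= 24
#           else        memcpy(buf, src, n);   // FINDING-A: overflow when n > 16
#       } else {
#           if (n >= 16) return;         // correct bound check
#           memcpy(buf, src, n);         // FINDING-B: flagged, but n <= 15 here
#       }
#   }
OVERFLOW = ("n > 16", lambda env: env["n"] > 16)   # memcpy of n bytes into char buf[16]

PROGRAM: Node = External("n", 0, 31,
    Branch(("mode == 1", lambda env: env["mode"] == 1),
        then=Branch(("n > 24", lambda env: env["n"] > 24),
            then=Return(),
            otherwise=Branch(("n > 28", lambda env: env["n"] > 28),
                then=Sink("FINDING-C", OVERFLOW),
                otherwise=Sink("FINDING-A", OVERFLOW))),
        otherwise=Branch(("n >= 16", lambda env: env["n"] >= 16),
            then=Return(),
            otherwise=Sink("FINDING-B", OVERFLOW))))


def analyze(program: Node = PROGRAM, inputs=("mode",)) -> dict:
    report = {"confirmed": {}, "false_positives": [], "pruned": []}
    explore(program, [], list(inputs), report)
    return report


if __name__ == "__main__":
    rep = analyze()
    for finding, env in rep["confirmed"].items():
        print(f"{finding}: true positive, test input {env}")
    print("false positives:", rep["false_positives"])
    print("pruned paths:", rep["pruned"])
```

Running it confirms FINDING-A with a concrete input (`mode = 1`, a string of length 17), classifies FINDING-B as unreachable in an unsafe state, and prunes the `n > 28` path before its sink is ever visited. Swapping `solve` for a real SMT backend and deriving the tree from C source are the parts the paper addresses; this sketch only shows the control flow of the approach.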
Author(s)
Barakat, Ramon  
Fraunhofer-Institut für Offene Kommunikationssysteme FOKUS  
Weiß, Paul
Fraunhofer-Institut für Offene Kommunikationssysteme FOKUS  
Schneider, Martin A.
Fraunhofer-Institut für Offene Kommunikationssysteme FOKUS  
Kraus, Roman  
Fraunhofer-Institut für Offene Kommunikationssysteme FOKUS  
Blanckenburg, Jasper von
Fraunhofer-Institut für Offene Kommunikationssysteme FOKUS  
Mainwork
IEEE 24th International Conference on Software Quality, Reliability, and Security Companion, QRS-C 2024. Proceedings  
Conference
International Conference on Software Quality, Reliability and Security Companion 2024  
DOI
10.1109/QRS-C63300.2024.00018
Language
English
Institute
Fraunhofer-Institut für Offene Kommunikationssysteme FOKUS
Keyword(s)
  • Accuracy
  • Source coding
  • Memory management
  • Static analysis
  • Software quality
  • Application security