Abstract: An automatic software testing machine may be configured to provide an advanced symbolic execution approach to software testing that combines dynamic symbolic execution and static symbolic execution, leveraging the strengths of each and avoiding the vulnerabilities of each. One or more software testing machines within a software testing system may be configured to automatically and dynamically alternate between dynamic symbolic execution and static symbolic execution, based on partial control flow graphs of portions of the software code to be tested. In some example embodiments, a software testing machine begins with dynamic symbolic execution, but switches to static symbolic execution opportunistically. In static mode, instead of checking entire programs for verification, the software testing machine may only check one or more program fragments for testing purposes. Thus, the software testing machine may benefit from the strengths of both dynamic and static symbolic execution.

Abstract: Systems and methods for performing hybrid symbolic execution to detect exploitable bugs in binary code are described. In some example embodiments, the systems and methods determine that resources associated with an execution client performing symbolic execution of a target program are below, at, or above a threshold performance level, generate checkpoints for active executing paths of the online symbolic execution, and cause the execution client to perform symbolic execution in response to the determination that the resources are at or above the threshold performance level.

Abstract: Systems and methods for performing hybrid symbolic execution to detect exploitable bugs in binary code are described. In some example embodiments, the systems and methods determine that resources associated with an execution client performing symbolic execution of a target program are below, at, or above a threshold performance level, generate checkpoints for active executing paths of the online symbolic execution, and cause the execution client to perform symbolic execution in response to the determination that the resources are at or above the threshold performance level.

Abstract: An automatic software testing machine may be configured to provide an advanced symbolic execution approach to software testing that combines dynamic symbolic execution and static symbolic execution, leveraging the strengths of each and avoiding the vulnerabilities of each. One or more software testing machines within a software testing system may be configured to automatically and dynamically alternate between dynamic symbolic execution and static symbolic execution, based on partial control flow graphs of portions of the software code to be tested. In some example embodiments, a software testing machine begins with dynamic symbolic execution, but switches to static symbolic execution opportunistically. In static mode, instead of checking entire programs for verification, the software testing machine may only check one or more program fragments for testing purposes. Thus, the software testing machine may benefit from the strengths of both dynamic and static symbolic execution.

Abstract: Systems and methods for performing hybrid symbolic execution to detect exploitable bugs in binary code are described. In some example embodiments, the systems and methods determine that resources associated with an execution client performing symbolic execution of a target program are below, at, or above a threshold performance level, generate checkpoints for active executing paths of the online symbolic execution, and cause the execution client to perform symbolic execution in response to the determination that the resources are at or above the threshold performance level.

Abstract: A system and method for automatically generating exploits, such as exploits for target code, is described. In some implementations, the system received binary code and/or source code of a software applications, finds one or more exploitable bugs within the software application, and automatically generates exploits for the exploitable bugs.

Abstract: Systems and methods for performing hybrid symbolic execution to detect exploitable bugs in binary code are described. In some example embodiments, the systems and methods determine that resources associated with an execution client performing symbolic execution of a target program are below, at, or above a threshold performance level, generate checkpoints for active executing paths of the online symbolic execution, and cause the execution client to perform symbolic execution in response to the determination that the resources are at or above the threshold performance level.

Abstract: A system and method for automatically generating exploits, such as exploits for target code, is described. In some implementations, the system received binary code and/or source code of a software applications, finds one or more exploitable bugs within the software application, and automatically generates exploits for the exploitable bugs.