A given application is instrumented to trace its execution flow. Constraints and/or transformations associated with input identified in the execution flow are mirrored on a set of candidate test payloads. The set of candidate test payloads is modified or pruned based on the execution flow of the instrumented application reaching a security operation, with the input satisfying the constraints while the payloads may not. If the set of candidate test payloads is not empty on reaching the security operation, it is determined that the given application has a vulnerability, and a signal issuing a warning may be generated and transmitted.
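The mirroring step described above, as an added Python sketch that is not taken from the source: two instrumented handlers replay their transformations and checks on a constructed payload set, and the verdict is read at the sink. The class `PayloadMirror`, both handlers, the sink name `sql_query` and the payload list are hypothetical names and values chosen for illustration.

```python
# Added illustration; every name below is hypothetical, not from the source.
from dataclasses import dataclass, field

# Constructed candidate test payloads (common injection test strings).
CANDIDATES = ["' OR '1'='1", "1; --", "<script>x</script>"]

@dataclass
class PayloadMirror:
    """Shadows the traced input with a set of candidate test payloads."""
    payloads: list = field(default_factory=lambda: list(CANDIDATES))

    def transform(self, fn):
        # The trace applied fn to the input: apply it to every candidate too.
        self.payloads = [fn(p) for p in self.payloads]

    def constrain(self, predicate):
        # The input passed this check: drop candidates that would not have.
        self.payloads = [p for p in self.payloads if predicate(p)]

    def at_security_operation(self, sink):
        # Survivors could have followed the same path to the sink.
        return {"sink": sink, "vulnerable": bool(self.payloads),
                "survivors": list(self.payloads)}

def trace_weak_lookup(user_input, mirror):
    """Instrumented handler: trims and length-checks before the sink."""
    value = user_input.strip()
    mirror.transform(str.strip)              # mirror the transformation
    if len(value) > 32:
        return None                          # path never reaches the sink
    mirror.constrain(lambda p: len(p) <= 32) # mirror the constraint
    return mirror.at_security_operation("sql_query")

def trace_strict_lookup(user_input, mirror):
    """Instrumented handler: accepts digits only before the sink."""
    value = user_input.strip()
    mirror.transform(str.strip)
    if not value.isdigit():
        return None
    mirror.constrain(str.isdigit)            # prunes every candidate
    return mirror.at_security_operation("sql_query")

# A benign input drives both traces; only the payload set decides the verdict.
weak = trace_weak_lookup(" 42 ", PayloadMirror())
strict = trace_strict_lookup(" 42 ", PayloadMirror())
```

A benign input is enough to drive the trace: the weak handler leaves all three candidates alive at the sink and is flagged, while the digit check empties the set and the strict handler is not.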