Code elements to look for when automating exploit generation

When you test the security of an application (let’s say for finding a buffer overflow vulnerability) you can have a variety of tools at your disposal: Static code analysers: tools that allow the analysis of a program without actually executing it. They can check for Syntax errors, coding implementations that don’t adhere to the standard guidelines, security vulnerabilities. They are prone to a high number of false positive and false negative results. Normally they analyze …