A Systematic Literature Review on Automated Exploit and Security Test Generation

Quang-Cuong Bui, Emanuele Iannone, Maria Camporese, Torge Hinrichs, Catherine Tony, László Tóth, Fabio Palomba, Péter Hegedűs, Fabio Massacci, Riccardo Scandariato

TL;DR

This systematic literature review catalogs techniques for automatically generating exploits and security tests for software vulnerabilities, grouping them into four categories: automated exploit generation (AEG), security testing, fuzzing, and other techniques. It analyzes 66 peer-reviewed studies and describes, for each technique, its type, its targets (predominantly memory-based vulnerabilities in C/C++ programs and injection vulnerabilities in PHP and Java web applications), its output (an exploit, a test case, or a crafted input), its level of automation, and whether usable tooling is available. Although a large share of the work targets automatic exploitation, publicly usable tools remain scarce, which the authors attribute to security concerns, leaving a gap between research prototypes and practical, shareable solutions. The findings give researchers and practitioners a baseline for the field and point to an agenda for developing usable AEG workflows and reproducible tooling.

Abstract

An exploit, or proof of concept, for a vulnerability plays an important role in developing better vulnerability repair techniques, since it can serve as an oracle to verify the correctness of the patches such tools generate. However, vulnerability exploits are often unavailable and take time and expert knowledge to craft. Obtaining them from exploit generation techniques is another potential solution. The goal of this survey is to help researchers and practitioners understand the existing techniques for exploit generation by analyzing their characteristics and their usability in practice. We identify exploit generation techniques from the literature and group them into four categories: automated exploit generation, security testing, fuzzing, and other techniques. Most of the techniques focus on memory-based vulnerabilities in C/C++ programs and web-based injection vulnerabilities in PHP and Java applications. We found only a few studies that publicly provide usable tools implementing their techniques.

Paper Structure

This paper contains 24 sections, 1 figure, and 8 tables.

Figures (1)

  • Figure 1: Taxonomy of studies on Automated Exploit Generation.