Vulnerability Analysis Patterns (VAP)

These are general patterns of software vulnerability, a synthesis of analysis patterns from the following software diagnostics catalogues:

  • MAP - Memory Analysis Patterns (including behavioural and structural patterns)
  • TAP - Trace Analysis Patterns
  • CAP - Code Analysis Patterns (previously introduced as Static Code Analysis Patterns)
  • ADDR - Deconstruction, Disassembly, and Reversing (binary equivalent of CAP) Patterns (the current list is available here)
  • Also:

    VEC - Vulnerability, Exploit, and Control of Victimware
    Victimware - bugs of software (including bugs of malware) + vulnerabilities (provocative and precipitative victimware)

    For victimware classification please look at this presentation: http://www.dumpanalysis.org/victimware-book

    The following easy-to-remember diagram combines all these acronyms and terminology:

    The first pattern we suggest is called Versioned Namespace. It is similar to the Namespace malware analysis pattern but covers the victimware side. Not only the API sets seen in source code and binaries are important, but also their versions. Again, this proposed new catalogue contains general analysis patterns, not patterns specific to an operating system or product. More patterns will be added later according to our incremental and iterative pattern-based software diagnostics methodology.