
From Navigators

Publication:Computing2018
Abstract Automated Static Analysis Tools (ASATs) are one of the best ways to search for vulnerabilities in applications, so they are a resource widely used by developers to improve their applications. However, it is well-known that the performance of such tools is limited, and their detection capabilities may not meet the requirements of the project regarding the criticality of the application. Diversity is an obvious direction to take to improve the true positives, as different tools usually report distinct vulnerabilities, however with the cost of also increasing the false positives, which may be unacceptable in some scenarios. In this paper, we study the problem of combining diverse ASATs to improve the overall detection of vulnerabilities in web applications, considering four development scenarios with different criticality goals and constraints. These scenarios range from low budget to high-end (e.g., business critical) web applications. We tested with five ASATs under two datasets, one with real WordPress plugins and another with synthetic test cases. Our findings revealed that combining the outputs of several ASATs does not always improve the vulnerability detection performance over a single ASAT. By using our procedure a developer is able to choose which is the best combination of ASATs that fits better in the project requirements.
Author Paulo Nunes, Ibéria Medeiros, José Fonseca, Nuno Ferreira Neves, Miguel Correia, Marco Vieira
Journal Springer Computing
Key Computing2018
Month sep
NumPubDate 2,018.09
ResearchLine Fault and Intrusion Tolerance in Open Distributed Systems (FIT)
Title An Empirical Study on Combining Diverse Static Analysis Tools for Web Security Vulnerabilities based on Development Scenarios
Type article
Year 2018
Has improper value for Url
Categories Publication
Modification date 10 February 2019 02:42:05