Detecting security vulnerabilities with static analysis – A case study
Abstract
Many security vulnerabilities can be detected by static analysis. This paper is a case study and performance comparison of four open-source analysis tools and plugins (PMD, SpotBugs, Find Security Bugs, SonarQube) on Java source code. Experiments have been conducted on the widely used Juliet Test Suite with respect to six selected weaknesses from the official Top 25 list of the Common Weakness Enumeration. In this study, metrics are calculated to help developers decide which tool to use when checking their programs for vulnerabilities. It turned out that particular are best tools.
Similar resources
Finding Security Vulnerabilities in Java Applications with Static Analysis
This report proposes a static analysis technique for detecting many recently discovered application vulnerabilities such as SQL injections, cross-site scripting, and HTTP splitting attacks. These vulnerabilities stem from unchecked input, which is widely recognized as the most common source of security vulnerabilities in Web applications. We propose a static analysis approach based on a scalabl...
Efficient Design of Static Analysis Tool for Detecting Web Vulnerabilities
The number and the importance of web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, error-prone and costly, the need for automated solutions has become evident. Many web applications written in ASP suffer from injection vulnerabil...
Static analysis for detecting taint-style vulnerabilities in web applications
The number and the importance of web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, error-prone and costly, the need for automated solutions has become evident. In this paper, we address the problem of vulnerable web applications ...
Rule-Based Source-Code Analysis For Detecting Security Vulnerabilities
Many security vulnerabilities related to source code have simple syntactic patterns or flow patterns that can be described as rules. In this paper, we propose a rule description language, RDL, in which we can specify simple syntactic patterns and data-flow and control-flow patterns that possibly lead to security vulnerabilities. We then introduce a universal static detector that can find the lo...
Detecting Security Vulnerabilities in C code with Type Checking
An emerging trend in programming language design is to allow for more properties about values and computations to be expressed in the language so that they can be checked automatically. This paper presents a flow-sensitive type checking algorithm for a type system of type qualifiers. We show that our type checker can detect common programming errors that often result in security vulnerabilities...
Journal
Journal title: Pollack Periodica
Year: 2021
ISSN: 1788-1994, 1788-3911
DOI: https://doi.org/10.1556/606.2021.00454