    Benchmarking Approach to Compare Web Applications Static Analysis Tools Detecting OWASP Top Ten Security Vulnerabilities

    Authors: Bermejo Higuera, Juan Ramón (1); Bermejo-Higuera, Javier (1); Sicilia, Juan Antonio (1); Cubo Villalba, Javier (1); Nombela Pérez, Juan José (1)
    Date: 2020
    Keywords: web application; benchmark; security vulnerability; Security Analysis Static Tools; assessment methodology; false positive; false negative; precision; f-measure; JCR; Scopus
    Item type: Indexed Journal Article
    URI: https://reunir.unir.net/handle/123456789/10794
    DOI: https://www.techscience.com/cmc/v64n3/39444
    Web address: https://www.techscience.com/cmc/v64n3/39444
    Open Access
    Abstract:
    To detect security vulnerabilities in a web application, the security analyst must choose the best-performing Security Analysis Static Tool (SAST) in terms of discovering the greatest possible number of security vulnerabilities. To compare static analysis tools for web applications, a benchmark adapted to the vulnerability categories included in the known standard Open Web Application Security Project (OWASP) Top Ten project is required. Information on the security effectiveness of a commercial static analysis tool is not usually publicly accessible, and the state of the art on static security analysis tools shows that the different designs and implementations of those tools have different effectiveness rates in terms of security performance. Given the significant cost of commercial tools, this paper studies the performance of seven static tools using a new methodology proposal and a new benchmark designed for the vulnerability categories included in the known standard OWASP Top Ten project. Thus, practitioners will have more precise information to select the best tool using a benchmark adapted to the latest versions of the OWASP Top Ten project. The results of this work have been obtained using widely accepted metrics to classify them according to three different degrees of web application criticality.
    This item appears in the following collection(s)
    • Artículos Científicos WOS y SCOPUS

    Usage statistics

    Year       2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023
    Views         0     0     0     0     0     0     0     0    29   204    96     4
    Downloads     0     0     0     0     0     0     0     0     0     0     0     0

    Related items

    Showing items related by title, author or subject.

    • Effective filter for common injection attacks in online web applications 

      Ibarra-Fiallos, Santiago (1); Bermejo-Higuera, Javier (1); Intriago-Pazmino, Monserrate; Bermejo Higuera, Juan Ramón (1); Sicilia, Juan Antonio (1); Cubo Villalba, Javier (1) (IEEE Access, 2021)
      Injection attacks against web applications are still frequent, and organizations like OWASP place them within the Top Ten of security risks to web applications. The main goal of this work is to contribute to the community ...
    • MMALE a methodology for malware analysis in linux environments 

      de Vicente Mohino, José Javier (1); Bermejo-Higuera, Javier; Bermejo Higuera, Juan Ramón; Sicilia, Juan Antonio (1); Sánchez Rubio, Manuel (1); Martínez Herraiz, José-Javier (Computers, materials and continua, 2021)
      In a computer environment, an operating system is prone to malware, and even the Linux operating system is not an exception. In recent years, malware has evolved, and attackers have become more qualified compared to a few years ...
    • Prevention and fighting against web attacks through anomaly detection technology. A systematic review 

      Sureda Riera, Tomás; Bermejo Higuera, Juan Ramón (1); Bermejo-Higuera, Javier (1); Martínez Herraiz, José-Javier; Sicilia, Juan Antonio (1) (Sustainability (Switzerland), 01/06/2020)
      Numerous techniques have been developed in order to prevent attacks on web servers. Anomaly detection techniques are based on models of normal user and application behavior, interpreting deviations from the established ...

    © UNIR - Universidad Internacional de La Rioja