Mostrar el registro sencillo del ítem

dc.contributor.authorBermejo Higuera, Juan Ramón
dc.contributor.authorBermejo-Higuera, Javier
dc.contributor.authorSicilia, Juan Antonio
dc.contributor.authorCubo Villalba, Javier
dc.contributor.authorNombela Pérez, Juan José
dc.date2020
dc.date.accessioned2020-12-10T08:33:19Z
dc.date.available2020-12-10T08:33:19Z
dc.identifier.issn1546-2226
dc.identifier.urihttps://reunir.unir.net/handle/123456789/10794
dc.description.abstractTo detect security vulnerabilities in a web application, the security analyst must choose the best performance Security Analysis Static Tool (SAST) in terms of discovering the greatest number of security vulnerabilities as possible. To compare static analysis tools for web applications, an adapted benchmark to the vulnerability categories included in the known standard Open Web Application Security Project (OWASP) Top Ten project is required. The information of the security effectiveness of a commercial static analysis tool is not usually a publicly accessible research and the state of the art on static security tool analyzers shows that the different design and implementation of those tools has different effectiveness rates in terms of security performance. Given the significant cost of commercial tools, this paper studies the performance of seven static tools using a new methodology proposal and a new benchmark designed for vulnerability categories included in the known standard OWASP Top Ten project. Thus, the practitioners will have more precise information to select the best tool using a benchmark adapted to the last versions of OWASP Top Ten project. The results of this work have been obtaining using widely acceptable metrics to classify them according to three different degree of web application criticality.es_ES
dc.language.isoenges_ES
dc.publisherCMC-Computers Materials & Continuaes_ES
dc.relation.ispartofseries;vol. 64, nº 3
dc.relation.urihttps://www.techscience.com/cmc/v64n3/39444es_ES
dc.rightsopenAccesses_ES
dc.subjectweb applicationes_ES
dc.subjectbenchmarkes_ES
dc.subjectsecurity vulnerabilityes_ES
dc.subjectSecurity Analysis Static Toolses_ES
dc.subjectassessment methodologyes_ES
dc.subjectfalse positivees_ES
dc.subjectfalse negativees_ES
dc.subjectprecisiones_ES
dc.subjectf-measurees_ES
dc.subjectJCRes_ES
dc.subjectScopuses_ES
dc.titleBenchmarking Approach to Compare Web Applications Static Analysis Tools Detecting OWASP Top Ten Security Vulnerabilitieses_ES
dc.typeArticulo Revista Indexadaes_ES
reunir.tag~ARIes_ES
dc.identifier.doihttps://www.techscience.com/cmc/v64n3/39444


Ficheros en el ítem

FicherosTamañoFormatoVer

No hay ficheros asociados a este ítem.

Este ítem aparece en la(s) siguiente(s) colección(ones)

Mostrar el registro sencillo del ítem