On Combining Static, Dynamic and Interactive Analysis Security Testing Tools to Improve OWASP Top Ten Security Vulnerability Detection in Web Applications
Author:
Mateo Tudela, Francesc; Bermejo Higuera, Juan Ramón; Bermejo-Higuera, Javier; Sicilia, Juan Antonio; Argyros, Michael I
Date:
12/2020
Keyword:
Journal / publisher:
Applied Sciences-Basel
Item type:
Indexed journal article
Web address:
https://www.mdpi.com/2076-3417/10/24/9119
Abstract:
The design of the techniques and algorithms used by the static, dynamic and interactive security testing tools differs. Therefore, each tool detects, to a greater or lesser extent, each type of vulnerability for which it is designed. In addition, their different designs mean that they have different percentages of false positives. In order to take advantage of the possible synergies that different analysis tool types may have, this paper combines several static, dynamic and interactive analysis security testing tools: static white box security analysis (SAST), dynamic black box security analysis (DAST) and interactive white box security analysis (IAST), respectively. The aim is to investigate how to improve the effectiveness of security vulnerability detection while reducing the number of false positives. Specifically, two static, two dynamic and two interactive security analysis tools will be combined to study their behavior using a specific benchmark for OWASP Top Ten security vulnerabilities and taking into account various scenarios of different criticality in terms of the applications analyzed. Finally, this study analyzes and discusses the values of the selected metrics applied to the results for each n-tools combination.
Related items
Showing items related by title, author or subject.
- Combinatorial method with static analysis for source code security in web applications
  Bermejo Higuera, Juan Ramón; Bermejo-Higuera, Javier; Sicilia, Juan Antonio; Sureda Riera, Tomás; Argyros, Christopher I.; Magreñán, Á. Alberto (Tech Science Press, 2021) Security weaknesses in web applications deployed in cloud architectures can seriously affect its data confidentiality and integrity. The construction of the procedure utilized in the static analysis tools of source code ...
- Systematic Approach to Malware Analysis (SAMA)
  Bermejo-Higuera, Javier; Abad-Aramburu, Carlos; Bermejo Higuera, Juan Ramón; Sicilia Urban, Miguel Ángel; Sicilia, Juan Antonio (Applied Sciences, 02/2020) Malware threats pose new challenges to analytic and reverse engineering tasks. It is needed for a systematic approach to that analysis, in an attempt to fully uncover their underlying attack vectors and techniques and find ...
- MMALE a methodology for malware analysis in linux environments
  de Vicente Mohino, José Javier; Bermejo-Higuera, Javier; Bermejo Higuera, Juan Ramón; Sicilia, Juan Antonio; Sánchez Rubio, Manuel; Martínez Herraiz, José-Javier (Computers, materials and continua, 2021) In a computer environment, an operating system is prone to malware, and even the Linux operating system is not an exception. In recent years, malware has evolved, and attackers have become more qualified compared to a few years ...