
    On Combining Static, Dynamic and Interactive Analysis Security Testing Tools to Improve OWASP Top Ten Security Vulnerability Detection in Web Applications

    Author: Mateo Tudela, Francesc (1); Bermejo Higuera, Juan Ramón (1); Bermejo-Higuera, Javier (1); Sicilia, Juan Antonio (1); Argyros, Michael I
    Date: 12/2020
    Keywords: web application; security vulnerability; analysis security testing; static analysis security testing; dynamic analysis security testing; interactive analysis security testing; assessment methodology; false positive; false negative; tools combination; JCR; Scopus
    Item type: Indexed journal article
    URI: https://reunir.unir.net/handle/123456789/11203
    DOI: http://dx.doi.org/10.3390/app10249119
    Web address: https://www.mdpi.com/2076-3417/10/24/9119
    Open Access
    Abstract:
    The design of the techniques and algorithms used by static, dynamic and interactive security testing tools differs. Therefore, each tool detects, to a greater or lesser extent, each type of vulnerability for which it is designed. In addition, their different designs mean that they have different percentages of false positives. In order to take advantage of the possible synergies that different types of analysis tools may have, this paper combines several static, dynamic and interactive analysis security testing tools—static white box security analysis (SAST), dynamic black box security analysis (DAST) and interactive white box security analysis (IAST), respectively. The aim is to investigate how to improve the effectiveness of security vulnerability detection while reducing the number of false positives. Specifically, two static, two dynamic and two interactive security analysis tools will be combined to study their behavior using a specific benchmark for OWASP Top Ten security vulnerabilities and taking into account various scenarios of different criticality in terms of the applications analyzed. Finally, this study analyzes and discusses the values of the selected metrics applied to the results for each n-tools combination.
    This item appears in the following collection(s)
    • WOS and SCOPUS Scientific Articles


    Related items

    Showing items related by title, author or subject.

    • Combinatorial method with static analysis for source code security in web applications 

      Bermejo Higuera, Juan Ramón (1); Bermejo-Higuera, Javier (1); Sicilia, Juan Antonio (1); Sureda Riera, Tomás; Argyros, Christopher I.; Magreñán, Á. Alberto (1) (Tech Science Press, 2021)
      Security weaknesses in web applications deployed in cloud architectures can seriously affect its data confidentiality and integrity. The construction of the procedure utilized in the static analysis tools of source code ...
    • Systematic Approach to Malware Analysis (SAMA) 

      Bermejo-Higuera, Javier; Abad-Aramburu, Carlos; Bermejo Higuera, Juan Ramón; Sicilia Urban, Miguel Ángel; Sicilia, Juan Antonio (Applied Sciences, 02/2020)
      Malware threats pose new challenges to analytic and reverse engineering tasks. It is needed for a systematic approach to that analysis, in an attempt to fully uncover their underlying attack vectors and techniques and find ...
    • MMALE a methodology for malware analysis in linux environments 

      de Vicente Mohino, José Javier (1); Bermejo-Higuera, Javier; Bermejo Higuera, Juan Ramón; Sicilia, Juan Antonio (1); Sánchez Rubio, Manuel (1); Martínez Herraiz, José-Javier (Computers, materials and continua, 2021)
      In a computer environment, an operating system is prone to malware, and even the Linux operating system is not an exception. In recent years, malware has evolved, and attackers have become more qualified compared to a few years ...
