Mostrar el registro sencillo del ítem

dc.contributor.authorMateo Tudela, Francesc (1)
dc.contributor.authorBermejo Higuera, Juan Ramón (1)
dc.contributor.authorBermejo-Higuera, Javier (1)
dc.contributor.authorSicilia, Juan Antonio (1)
dc.contributor.authorArgyros, Michael I
dc.description.abstractThe design of the techniques and algorithms used by the static, dynamic and interactive security testing tools differ. Therefore, each tool detects to a greater or lesser extent each type of vulnerability for which they are designed for. In addition, their different designs mean that they have different percentages of false positives. In order to take advantage of the possible synergies that different analysis tools types may have, this paper combines several static, dynamic and interactive analysis security testing tools—static white box security analysis (SAST), dynamic black box security analysis (DAST) and interactive white box security analysis (IAST), respectively. The aim is to investigate how to improve the effectiveness of security vulnerability detection while reducing the number of false positives. Specifically, two static, two dynamic and two interactive security analysis tools will be combined to study their behavior using a specific benchmark for OWASP Top Ten security vulnerabilities and taking into account various scenarios of different criticality in terms of the applications analyzed. Finally, this study analyzes and discuss the values of the selected metrics applied to the results for each n-tools combination.es_ES
dc.publisherApplied Sciences-Baseles_ES
dc.relation.ispartofseries;vol. 10, nº 24
dc.subjectweb applicationes_ES
dc.subjectsecurity vulnerabilityes_ES
dc.subjectanalysis security testinges_ES
dc.subjectstatic analysis security testinges_ES
dc.subjectdynamic analysis security testinges_ES
dc.subjectinteractive analysis security testinges_ES
dc.subjectassessment methodologyes_ES
dc.subjectfalse positivees_ES
dc.subjectfalse negativees_ES
dc.subjecttools combinationes_ES
dc.titleOn Combining Static, Dynamic and Interactive Analysis Security Testing Tools to Improve OWASP Top Ten Security Vulnerability Detection in Web Applicationses_ES
dc.typeArticulo Revista Indexadaes_ES

Ficheros en el ítem


No hay ficheros asociados a este ítem.

Este ítem aparece en la(s) siguiente(s) colección(ones)

Mostrar el registro sencillo del ítem