Combinatorial method with static analysis for source code security in web applications
Autor:
Bermejo Higuera, Juan Ramón
; Bermejo-Higuera, Javier
; Sicilia, Juan Antonio
; Sureda Riera, Tomás
; Argyros, Christopher I.
; Magreñán, Á. Alberto
Fecha:
2021Palabra clave:
Revista / editorial:
Tech Science PressTipo de Ítem:
articleDirección web:
https://www.techscience.com/CMES/v129n2/44808Resumen:
Security weaknesses in web applications deployed in cloud architectures can seriously affect its data confidentiality and integrity. The construction of the procedure utilized in the static analysis tools of source code security differs and therefore each tool finds a different number of each weakness type for which it is designed. To utilize the possible synergies different static analysis tools may process, this work uses a new method to combine several source codes aiming to investigate how to increase the performance of security weakness detection while reducing the number of false positives. Specifically, five static analysis tools will be combined with the designed method to study their behavior using an updated benchmark for OWASP Top Ten Security Weaknesses (OWASP TTSW). The method selects specific metrics to rank the tools for different criticality levels of web applications considering different weights in the ratios. The findings show that simply including more tools in a combination is not synonymous with better results; it depends on the specific tools included in the combination due to their different designs and techniques.
Este ítem aparece en la(s) siguiente(s) colección(es)
Estadísticas de uso
Año |
2012 |
2013 |
2014 |
2015 |
2016 |
2017 |
2018 |
2019 |
2020 |
2021 |
2022 |
2023 |
2024 |
Vistas |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
64 |
62 |
115 |
Descargas |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
Ítems relacionados
Mostrando ítems relacionados por Título, autor o materia.
-
Prevention and fighting against web attacks through anomaly detection technology. A systematic review
Sureda Riera, Tomás; Bermejo Higuera, Juan Ramón ; Bermejo-Higuera, Javier ; Martínez Herraiz, José-Javier; Sicilia, Juan Antonio (Sustainability (Switzerland), 01/06/2020)Numerous techniques have been developed in order to prevent attacks on web servers. Anomaly detection techniques are based on models of normal user and application behavior, interpreting deviations from the established ... -
A new multi-label dataset for Web attacks CAPEC classification using machine learning techniques
Sureda Riera, Tomás; Bermejo Higuera, Juan Ramón ; Bermejo-Higuera, Javier ; Martínez Herraiz, José-Javier; Sicilia, Juan Antonio (Computers & Security, 2022)Context: There are many datasets for training and evaluating models to detect web attacks, labeling each request as normal or attack. Web attack protection tools must provide additional information on the type of attack ... -
Systematic Approach for Web Protection Runtime Tools’ Effectiveness Analysis
Sureda Riera, Tomás; Bermejo Higuera, Juan Ramón; Bermejo-Higuera, Javier; Sicilia, Juan Antonio; Martínez Herraiz, José-Javier (CMES - Computer Modeling in Engineering and Sciences, 2022)Web applications represent one of the principal vehicles by which attackers gain access to an organization’s network or resources. Thus, different approaches to protect web applications have been proposed to date. Of them, ...