Static analysis of source code security: Assessment of tools against SAMATE tests

2013 ◽  
Vol 55 (8) ◽  
pp. 1462-1476 ◽  
Author(s):  
Gabriel Díaz ◽  
Juan Ramón Bermejo
Keyword(s):  
Static Analysis ◽  
Source Code ◽  
Security Assessment ◽  
Code Security

scholarly journals Combinatorial Method with Static Analysis for Source Code Security in Web Applications

2021 ◽  
Vol 129 (2) ◽  
pp. 541-565
Author(s):  
Juan Ram髇 Bermejo Higuera ◽  
Javier Bermejo Higuera ◽  
Juan Antonio Sicilia Montalvo ◽  
Tom醩 Sureda Riera ◽  
Christopher I. Argyros ◽  
...  
Keyword(s):  
Static Analysis ◽  
Web Applications ◽  
Source Code ◽  
Combinatorial Method ◽  
Code Security

Is Static Analysis Able to Identify Unnecessary Source Code?

2020 ◽  
Vol 29 (1) ◽  
pp. 1-23
Author(s):  
Roman Haas ◽  
Rainer Niedermayr ◽  
Tobias Roehm ◽  
Sven Apel
Keyword(s):  
Static Analysis ◽  
Source Code

Source code security

1987 ◽  
Vol 17 (4) ◽  
pp. 26-28
Author(s):  
Jon Corelis
Keyword(s):  
Source Code ◽  
Code Security

scholarly journals On the adoption of static analysis for software security assessment–A case study of an open-source e-government project

2021 ◽  
Vol 111 ◽  
pp. 102470
Author(s):  
Anh Nguyen-Duc ◽  
Manh Viet Do ◽  
Quan Luong Hong ◽  
Kiem Nguyen Khac ◽  
Anh Nguyen Quang
Keyword(s):  
Open Source ◽  
Static Analysis ◽  
Software Security ◽  
Security Assessment ◽  
Government Project

scholarly journals Means of integrating static source security analysis technology into the software development environment

2020 ◽  
Author(s):  
N. V. Goryuk ◽  
Keyword(s):  
Software Development ◽  
Static Analysis ◽  
Software Security ◽  
Source Code ◽  
Security Analysis ◽  
Development Environment ◽  
Static Source ◽  
Software Development Environment ◽  
Further Development ◽  
Code Development

The article investigates automation methods and means of integration of static source security analysis technology. The process of software security analysis, which is implemented by the technology of static analysis of the source code, is studied, and the methods of solving the problem of automation and integration of the technology into the source code development environment are offered. The perspective direction of further development of the technology of static analysis of the source code is established.

scholarly journals Evaluation of SQL Injection Vulnerability Detection Tools

2019 ◽  
Vol 9 (1) ◽  
pp. 1747-1751
Keyword(s):  
Static Analysis ◽  
Web Applications ◽  
Source Code ◽  
False Negative ◽  
Vulnerability Detection ◽  
Sql Injection ◽  
User Input ◽  
Root Cause ◽  
Analysis Tools ◽  
Free Open Source

SQL injection vulnerabilities have been predominant on database-driven web applications since almost one decade. Exploiting such vulnerabilities enables attackers to gain unauthorized access to the back-end databases by altering the original SQL statements through manipulating user input. Testing web applications for identifying SQL injection vulnerabilities before deployment is essential to get rid of them. However, checking such vulnerabilities by hand is very tedious, difficult, and time-consuming. Web vulnerability static analysis tools are software tools for automatically identifying the root cause of SQL injection vulnerabilities in web applications source code. In this paper, we test and evaluate three free/open source static analysis tools using eight web applications with numerous known vulnerabilities, primarily for false negative rates. The evaluation results were compared and analysed, and they indicate a need to improve the tools.

Sign in / Sign up

Export Citation Format

Share Document