Vincenzo Di Stasio
Evaluation of Static Security Analysis Tools on Open Source Distributed Applications.
Rel. Riccardo Sisto. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2022
PDF (Tesi_di_laurea) - Thesis, 4MB
License: Creative Commons Attribution Non-commercial No Derivatives.
Abstract:
The use of static security analysis tools is becoming common practice in distributed application development, with the goal of discovering as many security vulnerabilities as possible. Comparing static analysis tools for web applications requires a benchmark adapted to the vulnerability categories of the well-known Open Web Application Security Project (OWASP) Top Ten. The aim of this thesis is to evaluate some static security analysis tools by applying them to a significant set of distributed open-source applications. Different tools produce different results depending on factors such as the complexity of the code under analysis and the application scenario, so each misses some vulnerabilities while reporting false positives. Although benchmarks for evaluating these tools already exist, they are not well aligned with current web development techniques. The work consists of identifying relevant, modern open-source projects to use as benchmarks. Some static security analysis tools were then run on the selected projects and their performance results collected, following the evaluation methodology suggested by OWASP. The results were classified using widely accepted metrics. The selected open-source projects are based on the JavaScript and Python languages.
Supervisor: Riccardo Sisto
Academic year: 2022/23
Publication type: Electronic
Number of pages: 91
Degree programme: Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering)
Degree class: New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Collaborating companies: UNSPECIFIED
URI: http://webthesis.biblio.polito.it/id/eprint/24514