Vincenzo Di Stasio
Evaluation of Static Security Analysis Tools on Open Source Distributed Applications.
Supervisor: Riccardo Sisto. Politecnico di Torino, Master's degree course in Computer Engineering (Ingegneria Informatica), 2022
License: Creative Commons Attribution Non-commercial No Derivatives.
Abstract
The use of static security analysis tools is becoming common practice in distributed application development as a way to discover as many security vulnerabilities as possible. Comparing static analysis tools for web applications requires a benchmark adapted to the vulnerability categories of the well-known Open Web Application Security Project (OWASP) Top Ten standard. The aim of the thesis is to evaluate some static security analysis tools by applying them to a significant set of distributed open-source applications. However, different tools produce different results depending on factors such as the complexity of the code under analysis and the application scenario, so they miss some of the vulnerabilities while reporting false problems.
While some benchmarks already exist for evaluating these tools, they are not well aligned with the latest web development techniques
