Authors: Andreas Wagner 1 and Johannes Sametinger 2

Affiliations: 1 IT Solutions, Austria; 2 Johannes Kepler University Linz, Austria

ISBN: 978-989-758-045-1

Keyword(s): Juliet Test Suite, Security Scanner, Scanner Comparison, Static Analysis.

Related Ontology Subjects/Areas/Topics: Information and Systems Security; Software Security

Abstract: Security issues arise permanently in different software products. Making software secure is a challenging endeavour. Static analysis of the source code can help eliminate various security bugs. The better a scanner is, the more bugs can be found and eliminated. The quality of security scanners can be determined by letting them scan code with known vulnerabilities. Thus, it is easy to see how much they have (not) found. We have used the Juliet Test Suite to test various scanners. This test suite contains test cases with a set of security bugs that should be found by security scanners. We have automated the process of scanning the test suite and of comparing the generated results. With one exception, we have only used freely available source code scanners. These scanners were not primarily targeted at security, yielding disappointing results at first sight. We will report on the findings, on the barriers for automatic scanning and comparing, as well as on the detailed results.

Paper citation in several formats:
Wagner A. and Sametinger J. (2014). Using the Juliet Test Suite to Compare Static Security Scanners. In Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014) ISBN 978-989-758-045-1, pages 244-252. DOI: 10.5220/0005032902440252

@conference{secrypt14,
author={Andreas Wagner and Johannes Sametinger},
title={Using the Juliet Test Suite to Compare Static Security Scanners},
booktitle={Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)},
year={2014},
pages={244-252},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005032902440252},
isbn={978-989-758-045-1},
}

TY - CONF

JO - Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)
TI - Using the Juliet Test Suite to Compare Static Security Scanners
SN - 978-989-758-045-1
AU - Wagner A.
AU - Sametinger J.
PY - 2014
SP - 244
EP - 252
DO - 10.5220/0005032902440252
