Combinatorial Method with Static Analysis for Source Code Security in Web Applications

作     者：Juan Ramon Bermejo Higuera Javier Bermejo Higuera Juan Antonio Sicilia Montalvo Tomas Sureda Riera Christopher I.Argyros A.Alberto Magrenan 

作者机构：Escuela Superior de Ingenierıa y TecnologıaUniversidad Internacional de La RiojaLogronoLa Rioja26006Spain Computer Science DepartmentUniversity of AlcalaMadrid28801Spain Department of Computing and TechnologyCameron UniversityLawton73505OklahomaUSA Universidad de la RiojaLogronoLa Rioja26006Spain 

出 版 物：《Computer Modeling in Engineering & Sciences》 (工程与科学中的计算机建模（英文）)

年 卷 期：2021年第129卷第11期

页      面：541-565页

核心收录：

学科分类：08[工学] 0701[理学-数学] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：The authors received no specific funding for this study 

主　　题：Weakness benchmark security testing analysis comparative methodology tools combination web application 

摘      要：Security weaknesses in web applications deployed in cloud architectures can seriously affect its data confidentiality and *** construction of the procedure utilized in the static analysis tools of source code security differs and therefore each tool finds a different number of each weakness type for which it is *** utilize the possible synergies different static analysis tools may process,this work uses a new method to combine several source codes aiming to investigate how to increase the performance of security weakness detection while reducing the number of false ***,five static analysis tools will be combined with the designed method to study their behavior using an updated benchmark for OWASP Top Ten Security Weaknesses(OWASP TTSW).The method selects specific metrics to rank the tools for different criticality levels of web applications considering different weights in the *** findings show that simply including more tools in a combination is not synonymous with better results;it depends on the specific tools included in the combination due to their different designs and techniques.