English
Related papers

Related papers: Towards Immediate Feedback for Security Relevant C…

200 papers
On the combination of static analysis for software security assessment -- a case study of an open-source e-government project

Static Application Security Testing (SAST) is a popular quality assurance technique in software engineering. However, integrating SAST tools into industry-level product development and security assessment poses various technical and…

Software Engineering · Computer Science 2021-03-25 Anh Nguyen-Duc , Manh Viet Do , Quan Luong Hong , Kiem Nguyen Khac
An Empirical Study of Static Analysis Tools for Secure Code Review

Early identification of security issues in software development is vital to minimize their unanticipated impacts. Code review is a widely used manual analysis method that aims to uncover security issues along with other coding issues in…

Software Engineering · Computer Science 2024-07-18 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude
Explaining Software Vulnerabilities with Large Language Models

The prevalence of security vulnerabilities has prompted companies to adopt static application security testing (SAST) tools for vulnerability detection. Nevertheless, these tools frequently exhibit usability limitations, as their generic…

Software Engineering · Computer Science 2025-11-07 Oshando Johnson , Alexandra Fomina , Ranjith Krishnamurthy , Vaibhav Chaudhari , Rohith Kumar Shanmuganathan , Eric Bodden
"False negative -- that one is going to kill you": Understanding Industry Perspectives of Static Analysis based Security Testing

The demand for automated security analysis techniques, such as static analysis based security testing (SAST) tools continues to increase. To develop SASTs that are effectively leveraged by developers for finding vulnerabilities, researchers…

Cryptography and Security · Computer Science 2024-06-21 Amit Seal Ami , Kevin Moran , Denys Poshyvanyk , Adwait Nadkarni
An Empirical Study of Rule-Based and Learning-Based Approaches for Static Application Security Testing

Background: Static Application Security Testing (SAST) tools purport to assist developers in detecting security issues in source code. These tools typically use rule-based approaches to scan source code for security vulnerabilities.…

Software Engineering · Computer Science 2021-07-19 Roland Croft , Dominic Newlands , Ziyu Chen , M. Ali Babar
Learning Algorithms in Static Analysis of Web Applications

Web applications are distributed applications, they are programs that run on more than one computer and communicate through a network or server. This very distributed nature of web applications, combined with the scale and sheer complexity…

Cryptography and Security · Computer Science 2022-10-17 Akash Nagaraj , Bishesh Sinha , Mukund Sood , Yash Mathur , Sanchika Gupta , Dinkar Sitaram
A Smart and Defensive Human-Machine Approach to Code Analysis

Static analysis remains one of the most popular approaches for detecting and correcting poor or vulnerable program code. It involves the examination of code listings, test results, or other documentation to identify errors, violations of…

Artificial Intelligence · Computer Science 2021-08-27 Fitzroy D. Nembhard , Marco M. Carvalho
Evaluation of Static Analysis Tools for Finding Vulnerabilities in Java and C/C++ Source Code

It is quite common for security testing to be delayed until after the software has been developed, but vulnerabilities may get noticed throughout the implementation phase and the earlier they are discovered, the easier and cheaper it will…

Software Engineering · Computer Science 2018-05-25 Rahma Mahmood , Qusay H. Mahmoud
Static Application Security Testing (SAST) Tools for Smart Contracts: How Far Are We?

In recent years, the importance of smart contract security has been heightened by the increasing number of attacks against them. To address this issue, a multitude of static application security testing (SAST) tools have been proposed for…

Software Engineering · Computer Science 2024-07-02 Kaixuan Li , Yue Xue , Sen Chen , Han Liu , Kairan Sun , Ming Hu , Haijun Wang , Yang Liu , Yixiang Chen
A Static Analysis Platform for Investigating Security Trends in Repositories

Static analysis tools come in many forms andconfigurations, allowing them to handle various tasks in a (secure) development process: code style linting, bug/vulnerability detection, verification, etc., and adapt to the specific requirements…

Software Engineering · Computer Science 2023-04-05 Tim Sonnekalb , Christopher-Tobias Knaust , Bernd Gruner , Clemens-Alexander Brust , Lynn von Kurnatowski , Andreas Schreiber , Thomas S. Heinze , Patrick Mäder
A Comprehensive Study on Static Application Security Testing (SAST) Tools for Android

To identify security vulnerabilities in Android applications, numerous static application security testing (SAST) tools have been proposed. However, it poses significant challenges to assess their overall performance on diverse…

Software Engineering · Computer Science 2024-10-29 Jingyun Zhu , Kaixuan Li , Sen Chen , Lingling Fan , Junjie Wang , Xiaofei Xie
Static Security Vulnerability Scanning of Proprietary and Open-Source Software: An Adaptable Process with Variants and Results

Software vulnerabilities remain a significant risk factor in achieving security objectives within software development organizations. This is especially true where either proprietary or open-source software (OSS) is included in the…

Software Engineering · Computer Science 2025-09-23 James J. Cusick
Integrating DAST in Kanban and CI/CD: A Real World Security Case Study

Modern development methodologies, such as Kanban and continuous integration and continuous deployment (CI/CD), are critical for web application development -- as software products must adapt to changing requirements and deploy products to…

Software Engineering · Computer Science 2026-04-07 Arpit Thool , Chris Brown
Vulnerabilities Mapping based on OWASP-SANS: a Survey for Static Application Security Testing (SAST)

The delivery of a framework in place for secure application development is of real value for application development teams to integrate security into their development life cycle, especially when a mobile or web application moves past the…

Cryptography and Security · Computer Science 2020-07-07 Jinfeng Li
An Extensive Comparison of Static Application Security Testing Tools

Context: Static Application Security Testing Tools (SASTTs) identify software vulnerabilities to support the security and reliability of software applications. Interestingly, several studies have suggested that alternative solutions may be…

Software Engineering · Computer Science 2024-03-15 Matteo Esposito , Valentina Falaschi , Davide Falessi
Deriving Static Security Testing from Runtime Security Protection for Web Applications

Context: Static Application Security Testing (SAST) and Runtime Application Security Protection (RASP) are important and complementary techniques used for detecting and enforcing application-level security policies in web applications.…

Programming Languages · Computer Science 2021-07-16 Angel Luis Scull Pupo , Jens Nicolay , Elisa Gonzalez Boix
Integration of Security Modules in Software Development Lifecycle Phases

Information protection is becoming a focal point for designing, creating and implementing software applications within highly integrated technology environments. The use of a safe coding technique in the software development process is…

Software Engineering · Computer Science 2020-12-11 Isaac Chin Eian , Lim Ka Yong , Majesty Yeap Xiao Li , Noor Affan Bin Noor Hasmaddi , Fatima-tuz-Zahra
Tracking the Evolution of Static Code Warnings: the State-of-the-Art and a Better Approach

Static bug detection tools help developers detect problems in the code, including bad programming practices and potential defects. Recent efforts to integrate static bug detectors in modern software development workflows, such as in code…

Software Engineering · Computer Science 2024-01-24 Junjie Li , Jinqiu Yang
Longitudinal Analyses of SAST Tools: A CodeQL Case Study

Open-source software (OSS) pipelines rely on automated static analysis tools to prevent the introduction of vulnerabilities in code. However, there is limited understanding of the efficacy of these tools across the OSS ecosystem over time.…

Cryptography and Security · Computer Science 2026-05-11 Jean-Charles Noirot Ferrand , Kyle Domico , Yohan Beugin , Patrick McDaniel
Collaborative Application Security Testing for DevSecOps: An Empirical Analysis of Challenges, Best Practices and Tool Support

DevSecOps is a software development paradigm that places a high emphasis on the culture of collaboration between developers (Dev), security (Sec) and operations (Ops) teams to deliver secure software continuously and rapidly. Adopting this…

Software Engineering · Computer Science 2022-11-28 Roshan Namal Rajapakse , Mansooreh Zahedi , Muhammad Ali Babar
‹ Prev 1 2 3 10 Next ›