Vulnerabilities mapping based on OWASP-SANS: A survey for static application security testing (SAST)

被引:0
作者
Li J. [1 ]
机构
[1] Department of Electrical and Electronic Engineering, Imperial College London, London
来源
Annals of Emerging Technologies in Computing | 2020年 / 4卷 / 03期
关键词
Application Security; Checkmarx; Malware Detection; OWASP Top 10; SANS Top 25; Static Application Security Testing; Vulnerability Mapping;
D O I
10.33166/AETiC.2020.03.001
中图分类号
学科分类号
摘要
The delivery of a framework in place for secure application development is of real value for application development teams to integrate security into their development life cycle, especially when a mobile or web application moves past the scanning stage and focuses increasingly on the remediation or mitigation phase based on static application security testing (SAST). For the first time, to the author’s knowledge, the industry-standard Open Web Application Security Project (OWASP) top 10 vulnerabilities and CWE/SANS top 25 most dangerous software errors are synced up in a matrix with Checkmarx vulnerability queries, producing an application security framework that helps development teams review and address code vulnerabilities, minimise false positives discovered in static scans and penetration tests, targeting an increased accuracy of the findings. A case study is conducted for vulnerabilities scanning of a proof-of-concept mobile malware detection app. Mapping the OWASP/SANS with Checkmarx vulnerabilities queries, flaws and vulnerabilities are demonstrated to be mitigated with improved efficiency. © 2020 by the author.
引用
收藏
页码:1 / 8
页数:7
相关论文
共 21 条
[1]  
Ahmad U., Chaudhary J., Ahmad M., Naz A.A., Survey on Internet of Things (IoT) for Different Industry Environments, Annals of Emerging Technologies in Computing (AETiC), 3, 3, pp. 28-43, (2019)
[2]  
Guo X. Y., Li J. F., A Novel Twitter Sentiment Analysis Model with Baseline Correlation for Financial Market Prediction with Improved Efficiency, Proceedings of the Sixth International Conference on Social Networks Analysis, Management and Security (SNAMS), pp. 472-477, (2019)
[3]  
Li J. F., Xu H., Chu D.P., Design of liquid crystal based coplanar waveguide tunable phase shifter with no floating electrodes for 60–90 GHz applications, Proceedings of the 2016 46th European Microwave Conference (EuMC), pp. 1047-1050, (2016)
[4]  
Li J. F., Chu D.P., Liquid crystal-based enclosed coplanar waveguide phase shifter for 54–66 GHz applications, Crystals, 9, 12, (2019)
[5]  
Li J. F., Structure and Optimisation of Liquid Crystal based Phase Shifter for Millimetre-wave Applications, (2019)
[6]  
Miraz M. H., Ali M., Applications of Blockchain Technology beyond Cryptocurrency, Annals of Emerging Technologies in Computing (AETiC), 2, 1, pp. 1-6, (2018)
[7]  
Excell Peter S., The British Electronics and Computing Industries: Past, Present and Future, Annals of Emerging Technologies in Computing (AETiC), 2, 3, pp. 45-52, (2018)
[8]  
Medeiros I., Neves N., Correia M., Detecting and Removing Web Application Vulnerabilities with Static Analysis and Data Mining, IEEE Transactions on Reliability, 65, 1, pp. 54-69, (2016)
[9]  
Shakdher A., Agrawal S., Yang B., Security Vulnerabilities in Consumer IoT Applications, 2019 IEEE 5th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS), pp. 1-6, (2019)
[10]  
Lin Y., Huang C., Wright M., Kambourakis G., Mobile Application Security, Computer, 47, 6, pp. 21-23, (2014)
123