Open Access iconOpen Access

ARTICLE

crossmark

Combinatorial Method with Static Analysis for Source Code Security in Web Applications

Juan Ramón Bermejo Higuera1, Javier Bermejo Higuera1, Juan Antonio Sicilia Montalvo1, Tomás Sureda Riera2, Christopher I. Argyros3, Á. Alberto Magreñán4,*

1 Escuela Superior de Ingeniería y Tecnología, Universidad Internacional de La Rioja, Logroño, La Rioja, 26006, Spain
2 Computer Science Department, University of Alcala, Madrid, 28801, Spain
3 Department of Computing and Technology, Cameron University, Lawton, 73505, Oklahoma, USA
4 Universidad de la Rioja, Logroño, La Rioja, 26006, Spain

* Corresponding Author: Á. Alberto Magreñán. Email: email

Computer Modeling in Engineering & Sciences 2021, 129(2), 541-565. https://doi.org/10.32604/cmes.2021.017213

Abstract

Security weaknesses in web applications deployed in cloud architectures can seriously affect its data confidentiality and integrity. The construction of the procedure utilized in the static analysis tools of source code security differs and therefore each tool finds a different number of each weakness type for which it is designed. To utilize the possible synergies different static analysis tools may process, this work uses a new method to combine several source codes aiming to investigate how to increase the performance of security weakness detection while reducing the number of false positives. Specifically, five static analysis tools will be combined with the designed method to study their behavior using an updated benchmark for OWASP Top Ten Security Weaknesses (OWASP TTSW). The method selects specific metrics to rank the tools for different criticality levels of web applications considering different weights in the ratios. The findings show that simply including more tools in a combination is not synonymous with better results; it depends on the specific tools included in the combination due to their different designs and techniques.

Keywords


Cite This Article

APA Style
Higuera, J.R.B., Higuera, J.B., Montalvo, J.A.S., Riera, T.S., Argyros, C.I. et al. (2021). Combinatorial method with static analysis for source code security in web applications. Computer Modeling in Engineering & Sciences, 129(2), 541-565. https://doi.org/10.32604/cmes.2021.017213
Vancouver Style
Higuera JRB, Higuera JB, Montalvo JAS, Riera TS, Argyros CI, Magreñán ÁA. Combinatorial method with static analysis for source code security in web applications. Comput Model Eng Sci. 2021;129(2):541-565 https://doi.org/10.32604/cmes.2021.017213
IEEE Style
J.R.B. Higuera, J.B. Higuera, J.A.S. Montalvo, T.S. Riera, C.I. Argyros, and Á.A. Magreñán, “Combinatorial Method with Static Analysis for Source Code Security in Web Applications,” Comput. Model. Eng. Sci., vol. 129, no. 2, pp. 541-565, 2021. https://doi.org/10.32604/cmes.2021.017213



cc Copyright © 2021 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 1858

    View

  • 1277

    Download

  • 0

    Like

Share Link