Open Access
ARTICLE
Benchmarking Approach to Compare Web Applications Static Analysis Tools Detecting OWASP Top Ten Security Vulnerabilities
Juan R. Bermejo Higuera1, *, Javier Bermejo Higuera1, Juan A. Sicilia Montalvo1, Javier Cubo Villalba1, Juan José Nombela Pérez1
1 Escuela Superior de Ingeniería y Tecnología, Universidad Internacional de La Rioja, La Rioja, 26006, Spain.
* Corresponding Author: Juan R. Bermejo Higuera. Email: .
Computers, Materials & Continua 2020, 64(3), 1555-1577. https://doi.org/10.32604/cmc.2020.010885
Received 03 April 2020; Accepted 28 April 2020; Issue published 30 June 2020
Abstract
To detect security vulnerabilities in a web application, the security analyst must choose the best-performing Security Analysis Static Tool (SAST), that is, the one that discovers as many security vulnerabilities as possible. To compare static analysis tools for web applications, a benchmark adapted to the vulnerability categories included in the well-known Open Web Application Security Project (OWASP) Top Ten standard is required. Information on the security effectiveness of a commercial static analysis tool is not usually publicly available, and the state of the art on static security analyzers shows that the different designs and implementations of those tools yield different effectiveness rates in terms of security performance. Given the significant cost of commercial tools, this paper studies the performance of seven static tools using a newly proposed methodology and a new benchmark designed for the vulnerability categories included in the OWASP Top Ten standard. Thus, practitioners will have more precise information for selecting the best tool, using a benchmark adapted to the latest versions of the OWASP Top Ten project. The results of this work have been obtained using widely accepted metrics and are classified according to three different degrees of web application criticality.
Cite This Article
J. R. Bermejo Higuera, J. Bermejo Higuera, J. A. Sicilia Montalvo, J. Cubo Villalba and J. José Nombela Pérez, "Benchmarking approach to compare web applications static analysis tools detecting OWASP Top Ten security vulnerabilities," Computers, Materials & Continua, vol. 64, no. 3, pp. 1555–1577, 2020. https://doi.org/10.32604/cmc.2020.010885