Open Access

ARTICLE

Benchmarking Approach to Compare Web Applications Static Analysis Tools Detecting OWASP Top Ten Security Vulnerabilities

by Juan R. Bermejo Higuera, Javier Bermejo Higuera, Juan A. Sicilia Montalvo, Javier Cubo Villalba, Juan José Nombela Pérez

1 Escuela Superior de Ingeniería y Tecnología, Universidad Internacional de La Rioja, La Rioja, 26006, Spain.

* Corresponding Author: Juan R. Bermejo Higuera.

Computers, Materials & Continua 2020, 64(3), 1555-1577. https://doi.org/10.32604/cmc.2020.010885

Abstract

To detect security vulnerabilities in a web application, the security analyst must choose the best-performing Security Analysis Static Tool (SAST), that is, the one that discovers the greatest possible number of security vulnerabilities. Comparing static analysis tools for web applications requires a benchmark adapted to the vulnerability categories included in the well-known standard Open Web Application Security Project (OWASP) Top Ten project. Information on the security effectiveness of a commercial static analysis tool is not usually publicly accessible research, and the state of the art on static security analysis tools shows that differences in the design and implementation of those tools lead to different effectiveness rates in terms of security performance. Given the significant cost of commercial tools, this paper studies the performance of seven static tools using a newly proposed methodology and a new benchmark designed for the vulnerability categories included in the OWASP Top Ten project. Practitioners will thus have more precise information for selecting the best tool, using a benchmark adapted to the latest versions of the OWASP Top Ten project. The results of this work have been obtained using widely accepted metrics to classify them according to three different degrees of web application criticality.

Copyright © 2020 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.