Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/76898
Title: Empirical comparison of the performance of popular vulnerability detection tools II
Authors: Yiu, Hong Sum
Keywords: DRNTU::Engineering::Computer science and engineering
Issue Date: 2019
Abstract: Vulnerability detection tools are often regarded as a universal remedy for vulnerabilities in an application. However, these tools can only detect vulnerabilities in the application code written by the developers themselves. Today, developers use multiple open-source components to increase the efficiency of their development, and these components contain vulnerabilities that developers are unaware of. Software Composition Analysis tools are used to detect potential vulnerabilities in these open-source components. The main problem is that tools always differ in aspects such as accuracy, efficiency, and ease of use. Thus, working with the wrong tool could potentially result in vulnerabilities being left undetected for attackers to exploit. In this research, a further study was made to understand the differences between Software Composition Analysis tools in terms of precision and coverage. A benchmarking approach was used to assess and evaluate the performance of Software Composition Analysis tools built with different Continuous Integration tools. The tools would give developers an understanding of how different libraries cause hidden vulnerabilities during the build stage. Results from this research would allow developers to have a clearer picture of which tools suit the language and scenario they are involved in.
URI: http://hdl.handle.net/10356/76898
Rights: Nanyang Technological University
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections: SCSE Student Reports (FYP/IA/PA/PI)

Files in This Item:
File: FYP_Final Report_Yiu Hong Sum.pdf (Restricted Access)
Description: Insights from this research could help developers to determine which Software Composition Analysis tool(s) to use for their application.
Size: 1.03 MB
Format: Adobe PDF

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.