Article

On Combining Static, Dynamic and Interactive Analysis Security Testing Tools to Improve OWASP Top Ten Security Vulnerability Detection in Web Applications

1 Escuela Superior de Ingeniería y Tecnología, Universidad Internacional de La Rioja, Avda. de La Paz 137, 26006 Logroño, La Rioja, Spain
2 Department of Computing and Technology, Cameron University, Lawton, OK 73505, USA
* Authors to whom correspondence should be addressed.
Appl. Sci. 2020, 10(24), 9119; https://doi.org/10.3390/app10249119
Received: 1 December 2020 / Revised: 16 December 2020 / Accepted: 18 December 2020 / Published: 20 December 2020
(This article belongs to the Special Issue Cyber Security of Critical Infrastructures)
Static, dynamic and interactive security testing tools differ in the techniques and algorithms they use. Each tool therefore detects, to a greater or lesser extent, each type of vulnerability it is designed for, and each produces a different rate of false positives. In order to take advantage of the synergies that different types of analysis tool may have, this paper combines several static, dynamic and interactive analysis security testing tools: static white box security analysis (SAST), dynamic black box security analysis (DAST) and interactive white box security analysis (IAST), respectively. The aim is to investigate how to improve the effectiveness of security vulnerability detection while reducing the number of false positives. Specifically, two static, two dynamic and two interactive security analysis tools are combined and their behavior studied using a specific benchmark for the OWASP Top Ten security vulnerabilities, taking into account scenarios of differing criticality in the applications analyzed. Finally, the study analyzes and discusses the values of the selected metrics applied to the results of each n-tool combination.
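The abstract describes scoring every n-tool combination against a benchmark with known ground truth. The following is an added example, not code from the paper or from any of the tools it evaluates, showing the mechanics of that evaluation: it takes per-tool finding sets over a constructed benchmark (three hypothetical tools named sast_a, dast_a and iast_a, eight made-up test cases), merges them under two assumed combination rules (union, which favours detection, and intersection, which favours fewer false positives), and computes true/false positive rate and precision for each subset of tools. The metric set and the combination rules are assumptions; the paper does not name them here.

```python
"""Score every n-tool combination of AST tool findings against benchmark ground truth.

Added example (not the paper's own code). Assumptions: each benchmark test case
has a known vulnerable/safe label; each tool reports a set of flagged test case
ids; tools are merged by union or intersection; metrics are TPR, FPR, precision.
"""
from itertools import combinations
from typing import Dict, FrozenSet, Iterable, Set

# Constructed ground truth (hypothetical benchmark, not the paper's data):
# test case id -> True if the case really contains the vulnerability.
GROUND_TRUTH: Dict[str, bool] = {
    "case01": True, "case02": True, "case03": True, "case04": True,
    "case05": False, "case06": False, "case07": False, "case08": False,
}

# Constructed findings for three hypothetical tools: tool name -> flagged ids.
TOOL_FINDINGS: Dict[str, Set[str]] = {
    "sast_a": {"case01", "case02", "case05"},   # two hits, one false positive
    "dast_a": {"case02", "case03", "case06"},   # two hits, one false positive
    "iast_a": {"case01", "case03", "case04"},   # three hits, no false positive
}


def combine(tools: Iterable[str], findings: Dict[str, Set[str]], rule: str = "union") -> Set[str]:
    """Merge the finding sets of the given tools under the chosen rule.

    union: a case is flagged if any tool flags it (maximises detection).
    intersection: a case is flagged only if every tool flags it (cuts false positives).
    """
    sets = [findings[t] for t in tools]
    if not sets:
        return set()
    if rule == "union":
        return set().union(*sets)
    if rule == "intersection":
        return set.intersection(*sets)
    raise ValueError(f"unknown combination rule: {rule}")


def score(flagged: Set[str], truth: Dict[str, bool]) -> Dict[str, float]:
    """Confusion counts and rates of a flagged set against ground truth.

    Findings on ids absent from the benchmark are ignored: they cannot be judged.
    """
    tp = sum(1 for c, v in truth.items() if v and c in flagged)
    fp = sum(1 for c, v in truth.items() if not v and c in flagged)
    fn = sum(1 for c, v in truth.items() if v and c not in flagged)
    tn = sum(1 for c, v in truth.items() if not v and c not in flagged)
    return {
        "tp": tp, "fp": fp, "fn": fn, "tn": tn,
        "tpr": tp / (tp + fn) if tp + fn else 0.0,        # detection rate
        "fpr": fp / (fp + tn) if fp + tn else 0.0,        # false alarm rate
        "precision": tp / (tp + fp) if tp + fp else 0.0,  # share of flags that are real
    }


def evaluate_all(findings: Dict[str, Set[str]], truth: Dict[str, bool],
                 rule: str = "union") -> Dict[FrozenSet[str], Dict[str, float]]:
    """Score every non-empty subset of tools (n = 1 .. number of tools)."""
    names = sorted(findings)
    results: Dict[FrozenSet[str], Dict[str, float]] = {}
    for n in range(1, len(names) + 1):
        for combo in combinations(names, n):
            results[frozenset(combo)] = score(combine(combo, findings, rule), truth)
    return results


if __name__ == "__main__":
    for rule in ("union", "intersection"):
        print(f"== {rule} ==")
        table = evaluate_all(TOOL_FINDINGS, GROUND_TRUTH, rule)
        for combo in sorted(table, key=lambda c: (len(c), sorted(c))):
            m = table[combo]
            print(f"{'+'.join(sorted(combo)):22s} tp={m['tp']} fp={m['fp']} "
                  f"tpr={m['tpr']:.2f} fpr={m['fpr']:.2f} precision={m['precision']:.2f}")
```

With the constructed data, the union of all three tools reaches a detection rate of 1.0 but doubles the false positive rate of any single tool, while the intersection of sast_a and dast_a keeps only the one case both agree on; that trade-off is what the per-combination metrics in the study are meant to expose. A real run would replace the constructed dictionaries with findings parsed from each tool's report and the benchmark's expected-results file.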
Keywords: web application; security vulnerability; analysis security testing; static analysis security testing; dynamic analysis security testing; interactive analysis security testing; assessment methodology; false positive; false negative; tools combination
MDPI and ACS Style

Mateo Tudela, F.; Bermejo Higuera, J.-R.; Bermejo Higuera, J.; Sicilia Montalvo, J.-A.; Argyros, M.I. On Combining Static, Dynamic and Interactive Analysis Security Testing Tools to Improve OWASP Top Ten Security Vulnerability Detection in Web Applications. Appl. Sci. 2020, 10, 9119. https://doi.org/10.3390/app10249119

AMA Style

Mateo Tudela F, Bermejo Higuera J-R, Bermejo Higuera J, Sicilia Montalvo J-A, Argyros MI. On Combining Static, Dynamic and Interactive Analysis Security Testing Tools to Improve OWASP Top Ten Security Vulnerability Detection in Web Applications. Applied Sciences. 2020; 10(24):9119. https://doi.org/10.3390/app10249119

Chicago/Turabian Style

Mateo Tudela, Francesc, Juan-Ramón Bermejo Higuera, Javier Bermejo Higuera, Juan-Antonio Sicilia Montalvo, and Michael I. Argyros 2020. "On Combining Static, Dynamic and Interactive Analysis Security Testing Tools to Improve OWASP Top Ten Security Vulnerability Detection in Web Applications" Applied Sciences 10, no. 24: 9119. https://doi.org/10.3390/app10249119
