Vulnerabilities Mapping based on OWASP-SANS: A Survey for Static Application Security Testing (SAST)-Reference-Cited by-同舟云学术

Vulnerabilities Mapping based on OWASP-SANS: A Survey for Static Application Security Testing (SAST)

Published:2020-07-01 Issue:3 Volume:4 Page:1-8
ISSN:2516-029X
Container-title:Annals of Emerging Technologies in Computing
language:en
Short-container-title:AETiC

Author:

Li Jinfeng

Abstract

The delivery of a framework in place for secure application development is of real value for application development teams to integrate security into their development life cycle, especially when a mobile or web application moves past the scanning stage and focuses increasingly on the remediation or mitigation phase based on static application security testing (SAST). For the first time, to the author’s knowledge, the industry-standard Open Web Application Security Project (OWASP) top 10 vulnerabilities and CWE/SANS top 25 most dangerous software errors are synced up in a matrix with Checkmarx vulnerability queries, producing an application security framework that helps development teams review and address code vulnerabilities, minimise false positives discovered in static scans and penetration tests, targeting an increased accuracy of the findings. A case study is conducted for vulnerabilities scanning of a proof-of-concept mobile malware detection app. Mapping the OWASP/SANS with Checkmarx vulnerabilities queries, flaws and vulnerabilities are demonstrated to be mitigated with improved efficiency.

Publisher

International Association for Educators and Researchers (IAER)

Subject

Electrical and Electronic Engineering,General Computer Science

Reference21 articles.

1. Ahmad U., Chaudhary J., Ahmad M. and Naz A.A., "Survey on Internet of Things (IoT) for Different Industry Environments", Annals of Emerging Technologies in Computing (AETiC), vol. 3, no. 3, July 2019, pp. 28–43. Available: http://aetic.theiaer.org/archive/v3/v3n3/p4.html

2. Guo X. Y. and Li J. F., "A Novel Twitter Sentiment Analysis Model with Baseline Correlation for Financial Market Prediction with Improved Efficiency", in Proceedings of the Sixth International Conference on Social Networks Analysis, Management and Security (SNAMS), Granada, Spain, Oct. 2019, pp. 472–477. Available: https://ieeexplore.ieee.org/document/8931720

3. Li J. F., Xu H. and Chu D.P., "Design of liquid crystal based coplanar waveguide tunable phase shifter with no floating electrodes for 60–90 GHz applications", in Proceedings of the 2016 46th European Microwave Conference (EuMC), London, 2016, pp. 1047–1050. Available: https://ieeexplore.ieee.org/document/7824526

4. Li J. F. and Chu D.P., "Liquid crystal-based enclosed coplanar waveguide phase shifter for 54–66 GHz applications", Crystals, vol. 9, 12, 650, December 2019. Available: https://doi.org/10.3390/cryst9120650

5. Li J. F., "Structure and Optimisation of Liquid Crystal based Phase Shifter for Millimetre-wave Applications", Doctoral thesis, University of Cambridge, UK, January 2019. Available: https://doi.org/10.17863/CAM.35704

Cited by 24 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Distributed web hacking by adaptive consensus-based reinforcement learning;Artificial Intelligence;2024-01

2. Security in Cloud-Native Services: A Survey;Journal of Cybersecurity and Privacy;2023-10-26

3. SDSIOT: An SQL Injection Attack Detection and Stage Identification Method Based on Outbound Traffic;Electronics;2023-05-30

4. Swipe gestures for user authentication in smartphones;Journal of Information Security and Applications;2023-05

5. Detection of Vulnerabilities by Incorrect Use of Variable Using Machine Learning;Electronics;2023-03-02