Static Application Security Testing (SAST) is a popular quality assurance technique in software engineering. However, integrating SAST tools into industry-level product development for security assessment poses various technical and managerial challenges. In this work, we reported results from a case study of adopting SAST as a part of a human-driven security assessment process in an open-source e-government project. We described how SASTs are selected, evaluated, and combined into a novel approach and adopted by security experts for software security assessment. The approach was preliminarily evaluated using semi-structured interviews. Our results show that while some SAST tools out-perform others, it is possible to achieve better performa...
Software vulnerabilities are added into programs during their development. Architectural flaws are int...
This paper exposes different security threats posed to information in software agent systems. It des...
This work presents a methodological approach to comparison of static security code analyzers. It sub...
Static Application Security Testing Tools (SAST) is a security tool that claims to help with securit...
To improve the security of IT systems, companies can use automated security testing. In this thesis,...
Security testing is a widely applied measure to evaluate and improve software security by identifyin...
As the number of available static analysis security testing (SAST) tools grows, the more difficult i...
This slide deck covers the differences between static (SAST) and dynamic (DAST) application security...
In an effort to determine how to make secure software development more cost effective, the SEI condu...
Master's thesis in information and communication technology IKT590 2012 – Universitetet i Agder, Grims...
The design of the techniques and algorithms used by the static, dynamic and interactive security tes...
Software security is a growing concern for all ICT organizations since security breaches continue to...
The present work aims to clarify the reliability of the Static Application Security Testing (SAST) ...
Abstract—Modern web applications play a pivotal role in our digital society. Motivated by the many s...
It’s a matter of time until newly developed software becomes a target for malicious users. They alwa...