The effect of pre-written scripts on the use of simple software security analysis tools

Matti Mantere, Kaarina Karppinen

Research output: Chapter in Book/Report/Conference proceeding > Conference article in proceedings > Scientific > peer-review

Abstract

In this paper we study the effect of integrating lightweight, open source, static code security analysis tools using Ruby and shell scripts. Particular emphasis is placed on the effect this approach has on tool usability. With scripts, simple analysis methods could be created so that the tools themselves remained completely hidden from the end user. The scripts were used for automatically fetching the relevant source packages, patching them to the right versions and running different analysis tools on the target. The analysis cycle was fully automated and produced rough results on the nature of the flaws present in the source material. The overall user experience and ease of use of the tools were improved considerably by the pre-defined scripts. This improvement was especially distinct in the analysis phase. With the scripts it was easy to obtain a cursory estimate of the general risk level of the target application. This estimate could later be used for deciding further security analysis priorities or for other purposes, depending on the tools and heuristics used.
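The automated cycle the abstract describes (fetch a source package, patch it to the right version, run simple checks, collapse the output into a rough risk level) as an added Ruby illustration. This is not the paper's own Ruby or shell script: the in-memory source tree, the regexp-based checks, the severity weights and the risk thresholds are all constructed assumptions standing in for the real tools and heuristics the paper does not spell out.

```ruby
# Added example, not the paper's scripts. A small driver that hides simple
# static checks behind one call: the caller supplies a fetcher and patches,
# and gets back a coarse risk summary without seeing any tool directly.

# One "analysis tool": a name, a regexp applied line by line, and a weight.
# These checks and weights are constructed for illustration.
Check = Struct.new(:name, :pattern, :weight)

DEFAULT_CHECKS = [
  Check.new('unbounded-copy', /\b(strcpy|strcat|gets|sprintf)\s*\(/, 3),
  Check.new('shell-command',  /\bsystem\s*\(/,                       3),
  Check.new('format-string',  /\bprintf\s*\(\s*[a-zA-Z_]\w*\s*\)/,    2),
  Check.new('fixed-buffer',   /\bchar\s+\w+\s*\[\s*\d+\s*\]/,          1),
].freeze

Finding = Struct.new(:check, :file, :line, :text)

# Run every check over every file of a tree ({path => source}); returns findings.
def analyze(tree, checks = DEFAULT_CHECKS)
  tree.flat_map do |file, source|
    source.each_line.with_index(1).flat_map do |text, lineno|
      checks.select { |c| text =~ c.pattern }
            .map { |c| Finding.new(c.name, file, lineno, text.strip) }
    end
  end
end

# Collapse findings into a weighted score and a coarse risk level.
# Thresholds are an assumption; a real script would tune them per heuristic.
def risk_level(findings, checks = DEFAULT_CHECKS)
  weights = checks.map { |c| [c.name, c.weight] }.to_h
  score = findings.sum { |f| weights[f.check] }
  level = case score
          when 0    then :low
          when 1..6 then :medium
          else           :high
          end
  { score: score, level: level, count: findings.size }
end

# Stand-in for "patching to the right version": each patch is
# [file, old_text, new_text]. A real script would apply patch files.
def apply_patches(tree, patches)
  patched = tree.dup
  patches.each do |file, old, new|
    patched[file] = patched.fetch(file).sub(old, new)
  end
  patched
end

# The whole cycle as the end user sees it: fetcher (here an in-memory lambda,
# in practice a package download) plus patches in, risk summary out.
def run_pipeline(fetcher, patches = [], checks = DEFAULT_CHECKS)
  tree = apply_patches(fetcher.call, patches)
  findings = analyze(tree, checks)
  risk_level(findings, checks).merge(findings: findings)
end

# Constructed source tree standing in for a fetched package.
SAMPLE_TREE = {
  'src/net.c' => <<~C,
    #include <string.h>
    void handle(const char *msg) {
        char buf[64];
        strcpy(buf, msg);
        printf(buf);
    }
  C
  'src/util.c' => <<~C,
    #include <stdlib.h>
    int run(const char *cmd) { return system(cmd); }
  C
}.freeze

# Constructed "version patch" that replaces the unbounded copy.
SAMPLE_PATCHES = [
  ['src/net.c', 'strcpy(buf, msg);', 'strncpy(buf, msg, sizeof buf - 1);'],
].freeze

if $PROGRAM_NAME == __FILE__
  [[], SAMPLE_PATCHES].each do |patches|
    result = run_pipeline(-> { SAMPLE_TREE }, patches)
    result[:findings].each { |f| puts "#{f.file}:#{f.line} [#{f.check}] #{f.text}" }
    puts "score=#{result[:score]} level=#{result[:level]} (#{patches.size} patches)"
  end
end
```

Running the file analyses the constructed tree twice, once unpatched and once with the constructed patch applied, so the reader sees the risk level move from high to medium as one finding disappears; this is the kind of cursory, tool-agnostic estimate the abstract describes, with the pattern matching hidden behind `run_pipeline`.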
Original language: English
Title of host publication: Proceedings of the Eighth International Network Conference
Pages: 169-177
Publication status: Published - 2010
MoE publication type: A4 Article in a conference publication
Event: Eighth International Network Conference, INC 2010 - Heidelberg, Germany
Duration: 6 Jul 2010 to 8 Jul 2010

Conference

Conference: Eighth International Network Conference, INC 2010
Abbreviated title: INC 2010
Country: Germany
City: Heidelberg
Period: 6/07/10 to 8/07/10

Keywords

  • Security analysis
  • user experience
  • light-weight tools

Cite this

Mantere, M., & Karppinen, K. (2010). The effect of pre-written scripts on the use of simple software security analysis tools. In Proceedings of the Eighth International Network Conference (pp. 169-177).