Abstract
In this paper we study the effect of integrating lightweight, open source, static code security analysis tools using Ruby and shell scripts. Particular emphasis is placed on how this approach affects tool usability. With scripts, simple analysis methods could be created so that the underlying tools remained completely hidden from the end user. Scripts were used to automatically fetch the relevant source packages, patch them to the right versions and run different analysis tools on the target. The analysis cycle was fully automated and produced rough results on the nature of the flaws present in the source material. The overall user experience and ease of use of the tools were improved considerably by the pre-defined scripts. This improvement was especially distinct in the analysis phase. With the scripts it was easy to obtain a cursory estimate of the general risk level of the target application. This estimate could later be used to decide further security analysis priorities or other matters, depending on the tools and heuristics used.
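The fetch, patch, analyse and summarise cycle the abstract describes, as an added illustration in Ruby that is not the paper's own code. The package sources, the version patches and the two analysis "tools" are constructed stand-ins (a real pipeline would fetch tarballs with shell commands and invoke external scanners), and the mapping from findings to a risk level is an assumed heuristic; the end user only calls `LightScan.run` and never sees the tools.

```ruby
require 'tmpdir'

module LightScan
  module_function

  # Constructed stand-in for a package repository: base sources of a
  # hypothetical package "demo-app". A real fetch step would download a tarball.
  BASE_SOURCES = {
    "demo-app" => {
      "net.c"  => "int recv_name(char *dst, const char *src) {\n" \
                  "    strcpy(dst, src);\n    return 0;\n}\n",
      "auth.c" => "const char *password = \"hunter2\";\n" \
                  "void ask(char *buf) { gets(buf); }\n"
    }
  }

  # Version patches as [file, old_text, new_text] substitutions (constructed).
  PATCHES = {
    "demo-app" => {
      "1.0" => [],
      "1.1" => [["net.c",  "strcpy(dst, src);", "strncpy(dst, src, 64);"],
                ["auth.c", "gets(buf);",        "fgets(buf, 64, stdin);"]]
    }
  }

  # Assumed severities for the "banned functions" tool.
  BANNED = { "strcpy" => :high, "gets" => :high, "sprintf" => :medium }

  # Step 1: materialise the package sources in a work directory.
  def fetch(pkg, dir)
    BASE_SOURCES.fetch(pkg).each { |name, text| File.write(File.join(dir, name), text) }
  end

  # Step 2: bring the sources to the requested version; fail loudly if a hunk
  # does not apply, so a stale patch never silently produces a wrong report.
  def patch(pkg, version, dir)
    PATCHES.fetch(pkg).fetch(version).each do |file, old, new|
      path = File.join(dir, file)
      text = File.read(path)
      raise "patch hunk not found in #{file}" unless text.include?(old)
      File.write(path, text.sub(old, new))
    end
  end

  # Helper: yield (file, line number, line) and collect the arrays of findings
  # the block returns.
  def scan(dir)
    findings = []
    Dir.glob(File.join(dir, "*")).sort.each do |path|
      File.foreach(path).with_index(1) do |line, no|
        findings.concat(yield(File.basename(path), no, line))
      end
    end
    findings
  end

  # Step 3a: stand-in tool flagging calls to known-dangerous C functions.
  def tool_banned_funcs(dir)
    scan(dir) do |file, no, line|
      BANNED.select { |fn, _| line =~ /\b#{fn}\s*\(/ }
            .map { |fn, sev| { tool: "banned-funcs", file: file, line: no,
                               severity: sev, msg: "call to #{fn}()" } }
    end
  end

  # Step 3b: stand-in tool flagging hard-coded credentials.
  def tool_hardcoded_secrets(dir)
    scan(dir) do |file, no, line|
      next [] unless line =~ /\b(password|passwd|secret)\b\s*=\s*"[^"]+"/i
      [{ tool: "hardcoded-secrets", file: file, line: no,
         severity: :medium, msg: "hard-coded credential" }]
    end
  end

  # Step 4: collapse findings into a rough risk level (assumed heuristic:
  # the worst severity present decides).
  def risk_level(findings)
    return :high   if findings.any? { |f| f[:severity] == :high }
    return :medium if findings.any? { |f| f[:severity] == :medium }
    :low
  end

  # The whole cycle, the only entry point the end user needs.
  def run(pkg, version)
    Dir.mktmpdir("lightscan") do |dir|
      fetch(pkg, dir)
      patch(pkg, version, dir)
      findings = tool_banned_funcs(dir) + tool_hardcoded_secrets(dir)
      { package: pkg, version: version, findings: findings, risk_level: risk_level(findings) }
    end
  end
end

if __FILE__ == $0
  %w[1.0 1.1].each do |v|
    r = LightScan.run("demo-app", v)
    puts "#{r[:package]} #{v}: risk=#{r[:risk_level]} (#{r[:findings].size} findings)"
    r[:findings].each { |f| puts "  #{f[:file]}:#{f[:line]} [#{f[:severity]}] #{f[:msg]} (#{f[:tool]})" }
  end
end
```

Running the script scans version 1.0 (strcpy, gets and a hard-coded password: risk high) and version 1.1, where the patches remove the two dangerous calls and only the credential remains (risk medium), which is the kind of cursory per-version estimate the abstract has in mind.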
Field | Value |
---|---|
Original language | English |
Title of host publication | Proceedings of the Eighth International Network Conference |
Pages | 169-177 |
Publication status | Published - 2010 |
MoE publication type | A4 Article in a conference publication |
Event | Eighth International Network Conference, INC 2010 - Heidelberg, Germany. Duration: 6 Jul 2010 → 8 Jul 2010 |
Conference
Field | Value |
---|---|
Conference | Eighth International Network Conference, INC 2010 |
Abbreviated title | INC 2010 |
Country/Territory | Germany |
City | Heidelberg |
Period | 6/07/10 → 8/07/10 |
Keywords
- Security analysis
- user experience
- light-weight tools