The effect of pre-written scripts on the use of simple software security analysis tools

Matti Mantere, Kaarina Karppinen

Research output: Chapter in Book/Report/Conference proceeding, Conference article in proceedings, Scientific, peer-review


In this paper we study the effect of integrating lightweight, open source, static code security analysis tools using Ruby and shell scripts. Particular emphasis is placed on the effect of this approach on tool usability. With scripts, simple analysis methods could be created so that the tools themselves remained completely hidden from the end user. Scripts were used for automatically fetching the relevant source packages, patching them to the right versions and running different analysis tools on the target. The analysis cycle was fully automated and produced rough results on the nature of the flaws present in the source material. The overall user experience and ease of use of the tools were improved considerably with the pre-defined scripts. This improvement was especially distinct in the analysis phase. With the scripts it was easy to obtain a cursory estimate of the general risk level of the target application. This estimate could later be used for deciding further security analysis priorities or for other purposes, depending on the tools and heuristics used.
Original language: English
Title of host publication: Proceedings of the Eighth International Network Conference
Publication status: Published - 2010
MoE publication type: A4 Article in a conference publication
Event: Eighth International Network Conference, INC 2010 - Heidelberg, Germany
Duration: 6 Jul 2010 to 8 Jul 2010


Conference: Eighth International Network Conference, INC 2010
Abbreviated title: INC 2010


  • Security analysis
  • user experience
  • light-weight tools

