The effect of pre-written scripts on the use of simple software security analysis tools

Matti Mantere, Kaarina Karppinen

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

Abstract

In this paper we study the effect of integrating lightweight, open source, static code security analysis tools using Ruby and shell scripts. Particular emphasis is placed on the effect of this approach on tool usability. With scripts, simple analysis methods could be created so that the tools themselves remained completely hidden from the end user. Scripts were used for automatically fetching the relevant source packages, patching them to the right versions and running different analysis tools on the target. The analysis cycle was fully automated and produced rough results on the nature of the flaws present in the source material. The overall user experience and ease of use of the tools were improved considerably with the pre-defined scripts. This improvement was especially distinct in the analysis phase. With the scripts it was easy to obtain a cursory estimate of the general risk level of the target application. This estimate could later be used for deciding further security analysis priorities or for other purposes, depending on the tools and heuristics used.
Original language: English
Title of host publication: Proceedings of the Eighth International Network Conference
Pages: 169-177
Publication status: Published - 2010
MoE publication type: A4 Article in a conference publication
Event: Eighth International Network Conference, INC 2010 - Heidelberg, Germany
Duration: 6 Jul 2010 to 8 Jul 2010

Conference

Conference: Eighth International Network Conference, INC 2010
Abbreviated title: INC 2010
Country: Germany
City: Heidelberg
Period: 6/07/10 to 8/07/10

Fingerprint

Ruby
Defects

Keywords

  • Security analysis
  • user experience
  • light-weight tools

Cite this

Mantere, M., & Karppinen, K. (2010). The effect of pre-written scripts on the use of simple software security analysis tools. In Proceedings of the Eighth International Network Conference (pp. 169-177)
@inproceedings{9bff0a1790dd4ea0996b16bc583ce05b,
title = "The effect of pre-written scripts on the use of simple software security analysis tools",
abstract = "In this paper we study the effect of integrating lightweight, open source, static code security analysis tools using Ruby and shell scripts. Particular emphasis is placed on the effect of tool usability by this approach. By scripts simple analysis methods could be created so that used tools themselves were able to remain completely hidden from the end user. Scripts were used for automatically fetching the relevant source packages, patching them to the right versions and running different analysis tools on the target. Analysis cycle was fully automated and produced rough results of the nature of flaws present in the source material. The overall user experience and ease-of-use of the tools were improved considerably with the pre-defined scripts. This improvement was distinct especially on the analysis phase. With the scripts it was easy to have a cursory estimation of a general risk-level of the target application. This estimation could later be used for deciding further security analysis priorities or other things, dependent of the tools and heuristics used.",
keywords = "Security analysis, user experience, light-weight tools",
author = "Matti Mantere and Kaarina Karppinen",
note = "Project code: 35272",
year = "2010",
language = "English",
isbn = "978-1-84102-259-8",
pages = "169--177",
booktitle = "Proceedings of the Eighth International Network Conference",

}
