Using SQL Hotspots in a Prioritization Heuristic for Detecting All Types of Web Application Vulnerabilities: Difference between revisions

Jump to navigation Jump to search
← Older editNewer edit →
Line 54: Line 54:


Meneely et al. use developer activity metrics to evaluate and predict vulnerable software components<sup>[8]</sup>.  Developer activity metrics measure the amount of interaction occurs between developers by analyzing which files developers have touched within a small time period. These researchers performed an empirical case study on Red Hat Enterprise Linux 4 kernel and found that files developed by otherwise independent developer groups were more likely to contain a vulnerability.  They also discovered that files with changes from nine or more developers were more likely to have a vulnerability than files changed by fewer than nine developers.
Meneely et al. use developer activity metrics to evaluate and predict vulnerable software components<sup>[8]</sup>.  Developer activity metrics measure the amount of interaction occurs between developers by analyzing which files developers have touched within a small time period. These researchers performed an empirical case study on Red Hat Enterprise Linux 4 kernel and found that files developed by otherwise independent developer groups were more likely to contain a vulnerability.  They also discovered that files with changes from nine or more developers were more likely to have a vulnerability than files changed by fewer than nine developers.
Shin and Williams<sup>[13]</sup> investigated the relationship between classical complexity metrics and vulnerabilities.  Shin and Williams performed an empirical case study on the JavaScript Engine in the Mozilla application framework and discovered that nine complexity measures such as McCabe's cyclomatic complexity and nesting are weakly correlated with the number of vulnerabilities.  These researchers indicate that complexity measures could be used as a predictor of security vulnerabilities in an application, but that other measures of complexity should be developed that more accurately capture the type of complexity that leads to security issues.
Shin, et al. <sup>[12]</sup> investigated whether complexity, code churn, and developer activity metrics could be used as effective discriminators of software vulnerabilities in two widely-used, open source projects.  Shin et al. found that 24 of the 28 metrics they investigated were discriminative of vulnerabilities.  Shin et al. found that using all three types of metrics together allowed the production of a model that predicted 80% of the known vulnerable files with less than 25% false positives for both projects.
Other authors have compared the security posture of applications by using static analysis alerts as a proxy measurement of reported vulnerabilities. Walden et al. <sup>[16]</sup> compare the security posture of web applications using PHP and web applications that use Java.  Walden et al. introduce a security metric, CVD: the common vulnerability density.  These researchers define CVD as the density per line of code for four different vulnerability types that are common to both Java and PHP.  Walden et al. used the Fortify static analysis tool to gather the reported values of CVD for two revisions of 11 projects.  They found that although PHP had a higher value for CVD on all of the projects, CVD was decreasing more quickly overall in the measured PHP projects than in the Java projects.


== 4. Methodology ==
== 4. Methodology ==
Retrieved from "https://bw.kn1.us/wiki/index.php?title=Using_SQL_Hotspots_in_a_Prioritization_Heuristic_for_Detecting_All_Types_of_Web_Application_Vulnerabilities"