Springe direkt zu Inhalt

Improving prioritization of software weaknesses using security models with AVUS

Stephan Renatus and Corrie Bartelheimer and Jörn Eichler – 2015

Testing tools for application security have become an integral part of secure development life-cycles. Despite their ability to spot important software weaknesses, the high number of findings require rigorous prioritization in many environments. Most testing tools provide generic ratings to support prioritization. Unfortunately, ratings from established tools lack context information especially with regard to the security requirements of respective components or source code. Thus experts often spend a great deal of time re-assessing the prioritization provided by these tools. This paper introduces our lightweight tool AVUS that adjusts context-free ratings of software weaknesses according to a user-defined security model. We also present a first evaluation applying AVUS to a well-known open source project and the findings of a popular, commercially available application security testing tool.

Titel
Improving prioritization of software weaknesses using security models with AVUS
Verfasser
Stephan Renatus and Corrie Bartelheimer and Jörn Eichler
Verlag
IEEE
Datum
2015
Erschienen in
Proceedings of the 15th IEEE International Working Conference on Source Code Analysis and Manipulation
Art
Text