Automated Classification of Static Code Analysis Alerts: A Case Study

Author(s): Ulas Yuksel, Hasan Sozer

Author(s): Natarajan Meghanathan, Alexander Roy Geoghegan

The high-level contribution of this book chapter is to illustrate how to conduct static code analysis of a software program and mitigate the vulnerabilities associated with the program. The automated tools used to test for software security are the Source Code Analyzer and Audit Workbench, developed by Fortify, Inc. The first two sections of the chapter comprise (i) an introduction to static code analysis and its usefulness in testing for software security and (ii) an introduction to the Source Code Analyzer and the Audit Workbench tools and how to use them to conduct static code analysis. The authors then present a detailed case study of static code analysis conducted on a File Reader program (developed in Java) using these automated tools. The specific software vulnerabilities that are discovered, analyzed, and mitigated include: (i) Denial of Service, (ii) System Information Leak, (iii) Unreleased Resource (in the context of Streams), and (iv) Path Manipulation. The authors discuss the potential risk of having each of these vulnerabilities in a software program and provide the solutions (and the Java code) to mitigate them. The proposed solutions for each of these four vulnerabilities are generic and could be used to correct such vulnerabilities in software developed in any other programming language.


Author(s): E. Grilli, E. Özdemir, F. Remondino

Abstract. The use of heritage point clouds for documentation and dissemination purposes is increasing. Associating semantic information with 3D data by means of automated classification methods can help to characterize, describe and better interpret the object under study. In recent decades, machine learning methods have brought significant progress to classification procedures. However, the topic of cultural heritage has not been fully explored yet. This paper presents research on the classification of heritage point clouds using different supervised learning approaches (machine learning and deep learning). The classification is aimed at automatically recognizing architectural components such as columns, facades or windows in large datasets. For each case study and employed classification method, different accuracy metrics are calculated and compared.


2020, Vol 10 (21), pp. 7800
Author(s): Andrew Walker, Dipta Das, Tomas Cerny

Microservice Architecture (MSA) is becoming the predominant direction for new cloud-based applications. There are many advantages to using microservices, but also downsides to using an architecture more complex than a typical monolithic enterprise application. Beyond the usual poor coding practices and code smells of a typical application, microservice-specific code smells are difficult to discover within a distributed application setup. There are many static code analysis tools for monolithic applications, but tools offering code-smell detection for microservice-based applications are lacking. This paper proposes a new approach to detect code smells in distributed applications based on microservices. We develop the MSANose tool to detect up to eleven different microservice-specific code smells and share it as open source. We demonstrate our tool through a case study on two robust benchmark microservice applications and verify its accuracy. Our results show that it is possible to detect code smells within microservice applications using bytecode and/or source code analysis throughout the development process, or even before deployment to production.

