Practical Evaluation of Static Analysis Tools for Cryptography: Benchmarking Method and Case Study

Detecting security vulnerabilities with static analysis – A case study

Pollack Periodica ◽

10.1556/606.2021.00454 ◽

2021 ◽

Keyword(s):

Open Source ◽

Static Analysis ◽

Source Code ◽

Performance Comparison ◽

Test Suite ◽

Study Analysis ◽

Security Vulnerabilities ◽

Analysis Tools ◽

A Performance

Abstract Many security vulnerabilities can be detected by static analysis. This paper is a case study and a performance comparison of four open-source static analysis tools and plugins (PMD, SpotBugs, Find Security Bugs, and SonarQube) on Java source code. Experiments have been conducted on the widely used Juliet Test Suite with respect to six selected weaknesses from the official Top 25 list of Common Weakness Enumeration. In this study, analysis metrics have been calculated for helping Java developers decide which tools can be used when checking their programs for security vulnerabilities. It turned out that particular weaknesses are best detected with particular tools.

Download Full-text

A case study comparing static analysis tools for evaluating SwiftUI projects

Journal of Physics Conference Series ◽

10.1088/1742-6596/2134/1/012022 ◽

2021 ◽

Vol 2134 (1) ◽

pp. 012022

Author(s):

Gerald Birgen Imbugwa ◽

Luiz Jonatã Pires de Araújo ◽

Mansur Khazeev ◽

Ewane Enombe ◽

Harrif Saliu ◽

...

Keyword(s):

User Interface ◽

Programming Languages ◽

Static Analysis ◽

Real World ◽

Mobile Applications ◽

Declarative Programming ◽

Analysis Tools

Abstract Declarative programming languages such as SwiftUI have gained increasing relevance for user interface implementation in mobile applications. A tool for evaluating and improving the quality of such projects is static analysis (SA). This study compares the usefulness of two of the most popular SA tools (SonarQube and Codacy) for evaluating real-world SwiftUI projects. Moreover, it recommends setup and adjustments to promote SA tools for SwiftUI projects that can be extended to other languages.

Download Full-text

Hypervisor-assisted dynamic malware analysis

Cybersecurity ◽

10.1186/s42400-021-00083-9 ◽

2021 ◽

Vol 4 (1) ◽

Author(s):

Roee S. Leon ◽

Michael Kiperberg ◽

Anat Anatey Leon Zabag ◽

Nezer Jacob Zaidenberg

Keyword(s):

Dynamic Analysis ◽

Static Analysis ◽

Cyber Security ◽

Malware Analysis ◽

Analysis Tools ◽

Significant Performance

AbstractMalware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system’s efficiency suggests that the induced performance overhead is negligible.

Download Full-text