An Effective Visual System for Static Analysis of Source Code

2012 ◽  
Vol 433-440 ◽  
pp. 5453-5458
Author(s):  
Ying Wan ◽  
Chuan Qi Tan ◽  
Zhi Gang Wang ◽  
Guo Qiang Wang ◽  
Xiao Jin Hong

In the software development lifecycle, static code analysis plays an important part in building secure software. To help discover potential security issues in source code, a large number of static analysis tools have been developed. But the results they generate are displayed as plain text, so it is time-consuming for developers to analyze these text messages, and it is difficult for developers to concentrate on the most interesting defects in huge amounts of data. In this paper, we have developed a visualization system oriented to Java source code, which presents the results graphically from a developer’s point of view, to help developers analyze code defects. A novel layout is proposed to visualize software source code hierarchically, which shows the physical structure of the software. A visual overview and powerful interaction are provided in this system, which allows the developer to focus on the most pressing defects within huge volumes of source code.
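The paper's Java visualization system is not reproduced here. As an added illustration of the idea in the abstract, written for this page and not taken from the paper, the following Python script aggregates a constructed list of static-analysis findings into the physical directory/file hierarchy of a code base, weights them by severity, and orders every subtree hottest-first so the most pressing region is what a developer sees first. The file paths, check names and severity weights are assumptions made for the example.

```python
"""Aggregate static-analysis findings into the physical directory/file hierarchy
of a code base and rank every subtree by severity-weighted defect count, so the
worst region of a large code base is the first thing a developer sees."""

# Constructed findings as (path, check-id, severity); not the output of any real tool.
FINDINGS = [
    ("src/web/auth/login.java", "sql-injection", "high"),
    ("src/web/auth/login.java", "hardcoded-credential", "high"),
    ("src/web/auth/session.java", "weak-random", "medium"),
    ("src/web/ui/render.java", "xss", "high"),
    ("src/core/util/str.java", "unused-import", "low"),
    ("src/core/util/str.java", "unused-import", "low"),
    ("src/core/io/file.java", "path-traversal", "high"),
]

# Assumed severity weights: one high finding outweighs several low ones.
WEIGHT = {"high": 10, "medium": 3, "low": 1}


class Node:
    """One directory or file in the physical structure of the code base."""

    def __init__(self, name):
        self.name = name
        self.children = {}
        self.count = 0    # findings in this subtree
        self.score = 0    # severity-weighted findings in this subtree

    def child(self, name):
        return self.children.setdefault(name, Node(name))


def build_tree(findings):
    """Insert every finding along its path, accumulating count and score at each level."""
    root = Node("")
    for path, _check, severity in findings:
        weight = WEIGHT[severity]
        node = root
        node.count += 1
        node.score += weight
        for part in path.split("/"):
            node = node.child(part)
            node.count += 1
            node.score += weight
    return root


def hottest(root, limit):
    """Return the `limit` highest-scoring directories/files as (path, score, count)."""
    rows = []

    def walk(node, prefix):
        for name, child in node.children.items():
            path = f"{prefix}/{name}" if prefix else name
            rows.append((path, child.score, child.count))
            walk(child, path)

    walk(root, "")
    rows.sort(key=lambda row: (-row[1], row[0]))
    return rows[:limit]


def render(node, indent=0):
    """Indented outline of the tree, children ordered hottest first."""
    lines = []
    ordered = sorted(node.children.items(), key=lambda kv: (-kv[1].score, kv[0]))
    for name, child in ordered:
        lines.append(f"{'  ' * indent}{name}  [{child.count} findings, score {child.score}]")
        lines.extend(render(child, indent + 1))
    return lines


if __name__ == "__main__":
    tree = build_tree(FINDINGS)
    print("\n".join(render(tree)))
    print("hottest:", hottest(tree, 3))
```

The outline is the text equivalent of the hierarchical layout the abstract describes: the same numbers feed a treemap or a collapsible tree in a GUI, and the severity weights are what should be tuned per project so that a pile of style warnings cannot outrank one injection finding.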

10.29007/cfm3 ◽  
2019 ◽  
Author(s):  
Salman Faizi ◽  
Shawon Rahman

Software application development must include implementation of core functionality along with secure coding to contain security vulnerabilities of applications. Considering the life cycle that a software application undergoes, application developers have many opportunities to include security, starting from the very first stage of planning or requirement gathering. However, before even starting requirement gathering, the software application development team must select a framework to use for the application’s lifecycle. Based on the application and organizational characteristics, software application developers must select the best-fit framework for the lifecycle. A software application’s functionality and security start with picking the right lifecycle framework. When it comes to application development frameworks, one size does not fit all. Based on the characteristics of the application development organization, such as the number of application developers involved, project budget and criticality, and the number of teams, one of the five frameworks will work better than the others.
Keywords: Software development lifecycle, software functionality, software security, application development, framework security


Author(s):  
Shruti Jaiswal ◽  
Daya Gupta

Researchers have been focusing on embedding security from the early phases of the software development lifecycle. They have researched and innovated a field of Security Engineering where security concerns are embedded during the requirement, design, and testing phases of software development. Efforts were made in developing methods, methodologies, and tools to handle security issues. Various methods are present in the literature for eliciting, analyzing and prioritizing security requirements. During the design phase, based on prioritized requirements, environment parameters and attributes, a suitable security algorithm, mainly a cryptographic algorithm, is identified. Then a question arises: how to test the effectiveness of the chosen algorithm? Therefore, as an answer to this issue, in this paper a process for Security Testing is presented that evaluates the selected security algorithms. Evaluation is done by generating test scenarios for functionalities using sequence diagrams representing the threats at vulnerable points, then checking the mitigation of potential threats at the identified vulnerable points. A security index is generated which shows the effectiveness of the deployed/chosen security algorithm. The process ends with the generation of a test report depicting the testing summary. For a clear understanding of the process, the proposal is illustrated with a case study of the cloud storage-as-a-service model.


Author(s):  
Damir Maratovich Gimatdinov ◽  
Alexander Yurievich Gerasimov ◽  
Petr Alekseevich Privalov ◽  
Veronika Nikolaevna Butkevich ◽  
Natalya Andreevna Chernova ◽  
...  

Automated testing frameworks are widely used for assuring the quality of modern software in a secure software development lifecycle. Sometimes the quality of specific software needs to be assured and, hence, a specific approach should be applied. In this paper, we present an approach and implementation details of an automated testing framework suitable for acceptance testing of static source code analysis tools. The presented framework is used for continuous testing of static source code analyzers for C, C++ and Python programs.
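The authors' framework itself is not on this page. What follows is an added Python example, written here rather than taken from the paper, of the core of any acceptance test for a static analyzer: expected findings are annotated in a test corpus, the analyzer's report is parsed, and the build is gated on missed findings (false negatives) and unexpected ones (false positives). The annotation syntax (`// expect: <check-id>`), the report line format, the C test file and the analyzer output are all constructed for this example and belong to no real tool.

```python
"""Acceptance check for a static analyzer: compare its findings with
expectations annotated in a test corpus and gate on the difference."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "file line check")

# Annotation convention assumed for this example: a source line carrying
# `// expect: <check-id>` must produce exactly that finding on that line.
EXPECT_RE = re.compile(r"//\s*expect:\s*([\w-]+)")
# Assumed analyzer report format: "<file>:<line>: <check-id>: <message>".
REPORT_RE = re.compile(r"^(?P<file>[^:]+):(?P<line>\d+):\s*(?P<check>[\w-]+):")

# Constructed test corpus: one C file with two expected findings.
CORPUS = {
    "tests/buf.c": """\
#include <string.h>
#include <stdlib.h>
void f(char *src) {
    char dst[16];
    strcpy(dst, src);            // expect: unsafe-strcpy
    char *p = malloc(8);
    free(p);
    free(p);                     // expect: double-free
}
""",
}

# Constructed analyzer output: one hit, one miss (double-free), one spurious finding.
ANALYZER_OUTPUT = """\
tests/buf.c:5: unsafe-strcpy: strcpy without bounds check
tests/buf.c:6: uninit-read: value of p read before assignment
"""


def expected_findings(corpus):
    """Collect (file, line, check) triples from the expect annotations."""
    found = set()
    for path, text in corpus.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            m = EXPECT_RE.search(line)
            if m:
                found.add(Finding(path, lineno, m.group(1)))
    return found


def reported_findings(output):
    """Parse the analyzer report into the same triples; unparseable lines are ignored."""
    found = set()
    for line in output.splitlines():
        m = REPORT_RE.match(line)
        if m:
            found.add(Finding(m["file"], int(m["line"]), m["check"]))
    return found


def compare(expected, reported):
    """Split into matched, missed (false negatives) and unexpected (false positives)."""
    return {
        "matched": sorted(expected & reported),
        "missed": sorted(expected - reported),
        "unexpected": sorted(reported - expected),
    }


def accept(result, allow_unexpected=False):
    """Acceptance gate: every expected finding must be reported. By default an
    unexpected finding also fails, because a noisy analyzer ends up ignored."""
    if result["missed"]:
        return False
    return allow_unexpected or not result["unexpected"]


def format_report(result):
    lines = []
    for kind in ("matched", "missed", "unexpected"):
        for f in result[kind]:
            lines.append(f"{kind.upper():10} {f.file}:{f.line} {f.check}")
    return "\n".join(lines)


if __name__ == "__main__":
    res = compare(expected_findings(CORPUS), reported_findings(ANALYZER_OUTPUT))
    print(format_report(res))
    print("ACCEPT" if accept(res) else "REJECT")
```

Matching on (file, line, check) rather than on message text is deliberate: messages change between analyzer versions, line and check id should not. For continuous testing, the corpus grows with one annotated file per fixed bug, so a regression in the analyzer shows up as a new entry under MISSED.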


Author(s):  
Sourabh S Badhya ◽  
Shobha G
As software systems evolve, there is growing concern about how to manage and maintain a large codebase and fully understand all the modules present in it. Developers spend a significant amount of time analyzing dependencies before making any changes to codebases. Therefore, there is a growing need for applications which can easily make developers comprehend dependencies in large codebases. These applications must be able to analyze large codebases and must have the ability to identify all the dependencies, so that new developers can easily analyze the codebase and start making changes in short periods of time. Static analysis provides a means of analyzing dependencies in large codebases and is an important part of the software development lifecycle. Static analysis has proven to be extremely useful over the years in its ability to comprehend large codebases. Out of the many static analysis methods, this paper focuses on the static function call graph (SFCG), which represents dependencies between functions in the form of a graph. This paper illustrates the feasibility of many tools which generate SFCGs and locks in on Doxygen, which is extremely reliable for large codebases. The paper also discusses the optimizations, issues and corresponding solutions for Doxygen. Finally, this paper presents a way of representing SFCGs which is easier for developers to comprehend.
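Doxygen and the paper's representation are not reproduced here. As an added example of what an SFCG is and how it is built, the following Python script (written for this page, not taken from the paper) walks a module with the standard `ast` module, records one node per function or method definition and one edge per resolvable call site, resolves `self.m()` inside a method to the enclosing class, and emits Graphviz DOT. The sample module is constructed for the example.

```python
"""Build a static function call graph (SFCG) for a Python module with the ast
module: nodes are function/method definitions, edges are call sites."""
import ast
from collections import defaultdict

# Constructed sample module (not taken from the paper).
SAMPLE_SOURCE = '''
import hashlib

def load(path):
    return open(path).read()

def digest(data):
    return hashlib.sha256(data.encode()).hexdigest()

def process(path):
    raw = load(path)
    return digest(raw)

class Report:
    def render(self, path):
        return process(path)

    def summary(self, path):
        return self.render(path)[:8]

def unused():
    pass
'''


def _callee_name(func):
    """Flatten the callee expression to a dotted name; None for dynamic callees
    such as a call on the result of another call."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        base = _callee_name(func.value)
        return f"{base}.{func.attr}" if base else None
    return None


class _CallCollector(ast.NodeVisitor):
    """Record, for every def, the dotted names it calls."""

    def __init__(self):
        self.graph = defaultdict(set)
        self._scope = []       # enclosing class/function names
        self._current = None   # qualified name of the innermost function

    def visit_ClassDef(self, node):
        self._scope.append(node.name)
        self.generic_visit(node)
        self._scope.pop()

    def visit_FunctionDef(self, node):
        qual = ".".join(self._scope + [node.name])
        self.graph.setdefault(qual, set())   # isolated functions still become nodes
        outer, self._current = self._current, qual
        self._scope.append(node.name)
        self.generic_visit(node)
        self._scope.pop()
        self._current = outer

    visit_AsyncFunctionDef = visit_FunctionDef

    def visit_Call(self, node):
        callee = _callee_name(node.func)
        if self._current and callee:
            self.graph[self._current].add(callee)
        self.generic_visit(node)


def build_call_graph(source):
    """Return {qualified def name: sorted callee names}, external calls included."""
    collector = _CallCollector()
    collector.visit(ast.parse(source))
    return {name: sorted(callees) for name, callees in collector.graph.items()}


def internal_edges(graph):
    """Edges whose target is defined in the module; `self.m()` inside a method
    is resolved to the enclosing class's method."""
    defined = set(graph)
    edges = set()
    for caller, callees in graph.items():
        cls = caller.rsplit(".", 1)[0] if "." in caller else None
        for callee in callees:
            if callee in defined:
                edges.add((caller, callee))
            elif cls and callee.startswith("self."):
                target = f"{cls}.{callee[len('self.'):]}"
                if target in defined:
                    edges.add((caller, target))
    return sorted(edges)


def unreferenced(graph):
    """Defs with no incoming internal edge: entry points or dead code, worth a look."""
    called = {callee for _, callee in internal_edges(graph)}
    return sorted(name for name in graph if name not in called)


def to_dot(graph):
    """Graphviz DOT rendering of the internal graph; unreferenced defs are dashed."""
    lines = ["digraph sfcg {", "  rankdir=LR;"]
    for name in unreferenced(graph):
        lines.append(f'  "{name}" [style=dashed];')
    for caller, callee in internal_edges(graph):
        lines.append(f'  "{caller}" -> "{callee}";')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_dot(build_call_graph(SAMPLE_SOURCE)))
```

The graph is static in the same sense as the paper's: calls through variables, dispatch tables or the result of another call are dropped rather than guessed, so an edge in the output is one the source text guarantees, and a missing edge is a prompt to look at the dynamic call by hand.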


Author(s):  
Syed Muzamil Basha ◽  
Ravi Kumar Poluru ◽  
J. Janet ◽  
S. Balakrishnan ◽  
D. Dharunya Santhosh ◽  
...  

Software security has become a very critical part of our lives. A software developer who has a fundamental understanding of software security can have an advantage in the workplace. In the massive Equifax breach that occurred in 2017 and exposed the data of roughly 140 million people, attackers exploited a vulnerability in Apache Struts, CVE-2017-5638, which allows remote attackers to execute arbitrary commands via specially crafted user-controlled data in HTTP headers. Sensitive data exposure issues are essential to know about in order to protect customer data. It is fascinating to understand how attackers can exploit application vulnerabilities to perform malicious activities. The authors also want the reader to be aware of the fact that we should always be thinking about how our applications handle user-controlled data, so that we can put guards in place to minimize security issues in the development of new applications.
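As an added example of the "guards around user-controlled data" point, not code from the chapter: in CVE-2017-5638 the Struts Jakarta Multipart parser evaluated a malformed Content-Type header value as an OGNL expression (Apache advisory S2-045), so the user-controlled data was the header itself. The Python check below, written for this page, parses a request head, classifies the Content-Type as a well-formed media type, an OGNL expression opener, or malformed, and blocks anything but the first before it reaches an upload parser. The request samples are constructed; the "probe" carries a harmless expression in the position the attack used, not an exploit payload. The regexes and the allow-listed media types are assumptions for the example.

```python
"""Pre-parser check for the injection vector of CVE-2017-5638 (Apache Struts,
Jakarta Multipart parser): a Content-Type header whose value is an OGNL
expression instead of a media type. Only a well-formed media type is handed on."""
import re

# Struts evaluated the malformed header value as an OGNL expression;
# OGNL expressions open with %{ (Struts also accepts ${).
OGNL_OPENER = re.compile(r"[%$]\{")

# multipart/form-data with a boundary drawn from RFC 2046 bchars, 1-70 chars.
VALID_MULTIPART = re.compile(
    r"^multipart/form-data;\s*boundary=[0-9A-Za-z'()+_,\-./:=?]{1,70}$", re.I)

# Any other type/subtype, optionally with a charset parameter.
VALID_SIMPLE = re.compile(
    r"^[a-z0-9!#$&^_.+-]+/[a-z0-9!#$&^_.+-]+(;\s*charset=[\w-]+)?$", re.I)


def parse_head(raw):
    """Split a raw request head into (request line, {lower-cased name: value}).
    If a header repeats, the last value wins; that is the one a lenient
    downstream parser tends to use, so it is the one to inspect."""
    lines = raw.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def classify_content_type(value):
    """'ognl' if the value carries an expression opener, 'ok' for a well-formed
    media type, otherwise 'malformed'."""
    if OGNL_OPENER.search(value):
        return "ognl"
    if VALID_MULTIPART.match(value) or VALID_SIMPLE.match(value):
        return "ok"
    return "malformed"


def triage(raw_request):
    """Return ('allow' | 'block', reason). 'ognl' is the signature worth an alert;
    'malformed' is defence in depth against the next parser bug of this kind."""
    _, headers = parse_head(raw_request)
    ctype = headers.get("content-type")
    if ctype is None:
        return "allow", "no Content-Type"
    verdict = classify_content_type(ctype)
    if verdict == "ok":
        return "allow", "well-formed Content-Type"
    return "block", f"{verdict} Content-Type"


# Constructed request heads (not captured traffic). "probe" has the shape of a
# CVE-2017-5638 probe, an expression where the media type belongs, with a
# harmless body rather than a real payload.
SAMPLES = {
    "form": ("POST /upload HTTP/1.1\r\nHost: app\r\n"
             "Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxk\r\n\r\n"),
    "json": ("POST /api HTTP/1.1\r\nHost: app\r\n"
             "Content-Type: application/json; charset=utf-8\r\n\r\n"),
    "probe": ("POST /upload HTTP/1.1\r\nHost: app\r\n"
              "Content-Type: %{(#_='multipart/form-data').(#probe='test')}\r\n\r\n"),
    "junk": ("POST /upload HTTP/1.1\r\nHost: app\r\n"
             "Content-Type: multipart/form-data; boundary=\"../../etc\"\r\n\r\n"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:6} {triage(raw)}")
```

A check like this belongs in the reverse proxy or a servlet filter in front of the application, and it is a compensating control, not the fix: the fix for CVE-2017-5638 was upgrading Struts. The lasting lesson is the allow-list: a header that is going to be interpolated into anything (an error message, a log line, an expression) is validated against the grammar it is supposed to have, not scanned for known-bad substrings alone.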


2020 ◽  
Vol 29 (1) ◽  
pp. 1-23
Author(s):  
Roman Haas ◽  
Rainer Niedermayr ◽  
Tobias Roehm ◽  
Sven Apel

1987 ◽  
Vol 17 (3) ◽  
pp. 533-552 ◽  
Author(s):  
Christopher Gauker

Much discussed but still unresolved is whether a subject's internal physical structure is a sufficient condition for his beliefs and desires. The question has sometimes been expressed as a question about microstructurally identical Doppelgänger. Imagine two subjects who are identical right down to the ions traversing the synapses. Their senses are stimulated in all the same ways, their bodies execute the same motions, and identical physical events mediate between the sensory inputs and the behavioral outputs. Must they have the very same beliefs and desires? Let us call the thesis that they must, internalism. The internalist may hold that a physical similarity less complete than this will also guarantee identity in beliefs and desires, but certainly, he holds, perfect identity of internal physical histories will suffice.

Internalism will be opposed by those who sense that the nature of mentality is closely tied to the nature of explanation in terms of mental states and that in explaining a subject's behavior we cannot abstract, even in principle, from the character of the environment in which the subject is embedded. This essay offers a partial articulation of this point of view and shows how it conflicts with internalism. A consequence of the view to be described is that our attributions of belief must reflect the probabilistic regularities in the subject's environment. As we shall see, this consequence conflicts with internalism in two ways. The first conflict turns on the fact that there is no limit on the possible variety of such regularities. The second conflict turns on the fact that two subjects might by chance have the same micro-structural history though different probabilistic regularities obtain in their respective environments.
