Coverage metrics and detection of injection vulnerabilities : an experimental study
ARTIGO
Inglês
Este artigo foi apresentado no evento 12th European Dependable Computing Conference (EDCC), 2016
Agradecimentos: This work has been supported by FAPESP: São Paulo Research Foundation process n. 2013/178230, and by the project DEVASSES: DEsign, Verification and VAlidation of large-scale, dynamic Service SystEmS, funded by the European Union’s Seventh Framework Programme for research,...
Agradecimentos: This work has been supported by FAPESP: São Paulo Research Foundation process n. 2013/178230, and by the project DEVASSES: DEsign, Verification and VAlidation of large-scale, dynamic Service SystEmS, funded by the European Union’s Seventh Framework Programme for research, technological development and demonstration under grant agreement no PIRSES-GA-2013-612569
Abstract: Coverage is frequently considered a metric of the quality of the tests and, consequently, of the software dependability. Although one tends to assume a similar relation in the context of vulnerability detection, such assumption is yet to be shown in practice. Although the effectiveness of...
Abstract: Coverage is frequently considered a metric of the quality of the tests and, consequently, of the software dependability. Although one tends to assume a similar relation in the context of vulnerability detection, such assumption is yet to be shown in practice. Although the effectiveness of vulnerability detection tools is limited and largely dependent on the context, developers usually select and use a single tool and implicitly trust on its results. In this practical experience report we study the relation between coverage measurements and the quality of the results of detection tests for injection vulnerabilities, in particular SQL Injection, considering two state of the art tools and multiple testing configurations. Such relation is of utmost importance for developers to understand how good vulnerability detectors are and to compare alternative tools. Results show that code coverage is indeed an effective mean to estimate the quality of vulnerability detection tests and is useful to compare different sets of tests. However, they also show that domain specific metrics are much more effective than generic ones
FUNDAÇÃO DE AMPARO À PESQUISA DO ESTADO DE SÃO PAULO - FAPESP
2013/17823-0
Fechado
DOI: https://doi.org/10.1109/EDCC.2016.32
Texto completo: https://ieeexplore.ieee.org/document/7780344
Coverage metrics and detection of injection vulnerabilities : an experimental study
Coverage metrics and detection of injection vulnerabilities : an experimental study
Fontes
Proceedings of the 12th European Dependable Computing Conference Piscataway, NJ : Institute of Electrical and Electronics Engineers, 2016. p. 45-52 |