Este artigo foi apresentado no evento 12th European Dependable Computing Conference (EDCC), 2016

Agradecimentos: This work has been supported by FAPESP: São Paulo Research Foundation process n. 2013/178230, and by the project DEVASSES: DEsign, Verification and VAlidation of large-scale, dynamic Service SystEmS, funded by the European Union’s Seventh Framework Programme for research,...

Agradecimentos: This work has been supported by FAPESP: São Paulo Research Foundation process n. 2013/178230, and by the project DEVASSES: DEsign, Verification and VAlidation of large-scale, dynamic Service SystEmS, funded by the European Union’s Seventh Framework Programme for research, technological development and demonstration under grant agreement no PIRSES-GA-2013-612569

Abstract: Coverage is frequently considered a metric of the quality of the tests and, consequently, of the software dependability. Although one tends to assume a similar relation in the context of vulnerability detection, such assumption is yet to be shown in practice. Although the effectiveness of...

Abstract: Coverage is frequently considered a metric of the quality of the tests and, consequently, of the software dependability. Although one tends to assume a similar relation in the context of vulnerability detection, such assumption is yet to be shown in practice. Although the effectiveness of vulnerability detection tools is limited and largely dependent on the context, developers usually select and use a single tool and implicitly trust on its results. In this practical experience report we study the relation between coverage measurements and the quality of the results of detection tests for injection vulnerabilities, in particular SQL Injection, considering two state of the art tools and multiple testing configurations. Such relation is of utmost importance for developers to understand how good vulnerability detectors are and to compare alternative tools. Results show that code coverage is indeed an effective mean to estimate the quality of vulnerability detection tests and is useful to compare different sets of tests. However, they also show that domain specific metrics are much more effective than generic ones

FUNDAÇÃO DE AMPARO À PESQUISA DO ESTADO DE SÃO PAULO - FAPESP

2013/17823-0

Fechado