{"title":"SSVChecker: unifying static security vulnerability detection tools in an Eclipse plug-in","authors":"J. Dehlinger, Qian Feng, Lan Hu","doi":"10.1145/1188835.1188842","DOIUrl":null,"url":null,"abstract":"The increasing complexity of secure software applications has given rise to static analysis security tools to alert developers to potential security flaws within source code. However, these static security vulnerability detection tools tend to be difficult to use and are not integrated with common software development environments. The contribution of this work is SSVChecker, an Eclipse plug-in that unifies existing static security vulnerability detection tools into a powerful, intuitive tool. We make three fundamental claims for SSVChecker. First, it contains functionality not found in other static security vulnerability detection tools (e.g., union and intersection of multiple tool results). Second, the tool can adapt to the results of user-performed analysis to prevent repeatedly reporting user-dismissed security vulnerabilities. Lastly, it operates on a user-friendly, generic framework allowing for the inclusion of future static security vulnerability detection tools. To illustrate these claims, we use SSVChecker on a security-sensitive networking package. Results show the benefits of the tool in identifying potential security vulnerabilities.","PeriodicalId":297590,"journal":{"name":"Proceedings of the 2006 OOPSLA workshop on eclipse technology eXchange","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2006 OOPSLA workshop on eclipse technology eXchange","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1188835.1188842","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 9
Abstract
The increasing complexity of secure software applications has given rise to static analysis security tools to alert developers to potential security flaws within source code. However, these static security vulnerability detection tools tend to be difficult to use and are not integrated with common software development environments. The contribution of this work is SSVChecker, an Eclipse plug-in that unifies existing static security vulnerability detection tools into a powerful, intuitive tool. We make three fundamental claims for SSVChecker. First, it contains functionality not found in other static security vulnerability detection tools (e.g., union and intersection of multiple tool results). Second, the tool can adapt to the results of user-performed analysis to prevent repeatedly reporting user-dismissed security vulnerabilities. Lastly, it operates on a user-friendly, generic framework allowing for the inclusion of future static security vulnerability detection tools. To illustrate these claims, we use SSVChecker on a security-sensitive networking package. Results show the benefits of the tool in identifying potential security vulnerabilities.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
