Myths and Facts About Static Application Security Testing Tools: An Action Research at Telenor Digital

机译：静态应用程序安全测试工具的神话与事实：Telenor Digital的一项行动研究

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

It is claimed that integrating agile and security in practice is challenging. There is the notion that security is a heavy process, requires expertise, and consumes developers' time. These contrast with the agile vision. Regardless of these challenges, it is important for organizations to address security within their agile processes since critical assets must be protected against attacks. One way is to integrate tools that could help to identify security weaknesses during implementation and suggest methods to refactor them. We used quantitative and qualitative approaches to investigate the efficiency of the tools and what they mean to the actual users (i.e. developers) at Telenor Digital. Our findings, although not surprising, show that several barriers exist both in terms of tool's performance and developers' perceptions. We suggest practical ways for improvement.

机译：据称，在实践中整合敏捷和安全性具有挑战性。有人认为安全性是一个繁重的过程，需要专业知识，并且会消耗开发人员的时间。这些与敏捷愿景形成鲜明对比。无论面临这些挑战，组织都必须在其敏捷过程中解决安全问题，因为必须保护关键资产免受攻击。一种方法是集成工具，这些工具可以帮助在实施过程中识别安全漏洞并提出重构方法。我们使用定量和定性方法来研究工具的效率以及它们对Telenor Digital的实际用户（即开发人员）的意义。我们的发现尽管不足为奇，但表明在工具性能和开发人员的感知方面都存在一些障碍。我们建议实用的改进方法。

著录项

来源
《Agile processes in software engineering and extreme programming》|2018年|86-103|共18页
会议地点 Porto(PT)
作者
Tosin Daniel Oyetoyan; Bisera Milosheska; Mari Grini; Daniela Soares Cruzes;
展开▼
作者单位

Department of Software Engineering, Safety and Security, SINTEF Digital, Trondheim, Norway;

Telenor Digital, Oslo, Norway;

Telenor Digital, Oslo, Norway;

Department of Software Engineering, Safety and Security, SINTEF Digital, Trondheim, Norway;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类
关键词
Security defects; Agile; Static analysis Static application security testing; Software security;

机译：安全缺陷；敏捷;静态分析静态应用程序安全性测试；软件安全性;

相似文献

外文文献
专利

1. An empirical study of security warnings from static application security testing tools [J] . Aloraini Bushra, Nagappan Meiyappan, German Daniel M., The Journal of Systems and Software . 2019,第Deca期

机译：来自静态应用程序安全性测试工具的安全性警告的实证研究
2. Static application security testing tools [J] . Lindsay Brooke Automotive engineering . 2017,第4期

机译：静态应用安全测试工具
3. Static analysis of source code security: Assessment of tools against SAMATE tests [J] . Gabriel Diaz, Juan Ramon Bermejo Information and software technology . 2013,第8期

机译：静态分析源代码安全性：评估针对SAMATE测试的工具
4. Myths and Facts About Static Application Security Testing Tools: An Action Research at Telenor Digital [C] . Tosin Daniel Oyetoyan, Bisera Milosheska, Mari Grini, International conference on agile processes in software engineering and extreme programming . 2018

机译：关于静态应用安全测试工具的神话和事实：Telenor Digital的动作研究
5. Fast static test compaction and its application to test generation for synchronous sequential circuits. [D] . Guo, Ruifeng. 2000

机译：快速静态测试压缩及其在同步时序电路的测试生成中的应用。
6. On the Myths of Indicator Species: Issues and Further Consideration in the Use of Static Concepts for Ecological Applications [O] . Michael L. Zettler, C. Edward Proffitt, Alexander Darr, -1

机译：指标物种神话：静态概念在生态学应用中的问题和进一步考虑
7. On Combining Static, Dynamic and Interactive Analysis Security Testing Tools to Improve OWASP Top Ten Security Vulnerability Detection in Web Applications [O] . Francesc Mateo Tudela, Juan-Ramón Bermejo Higuera, Javier Bermejo Higuera, 2020

机译：组合静态，动态和交互式分析安全测试工具在Web应用程序中提高OWASP十大安全漏洞检测
8. APPLICATION OF APPLIED LOAD RATIO STATIC TEST SIMULATION TECHNIQUES TO FULL-SCALE STRUCTURES;VOL. I, METHODS OF ANALYSIS AND DIGITAL COMPUTER PROGRAMS [R] . R. W. Gehring 1965

机译：应用荷载比静态试验模拟技术在全尺寸结构中的应用。 I，分析方法和数字计算机程序

Myths and Facts About Static Application Security Testing Tools: An Action Research at Telenor Digital

摘要

著录项

相似文献

相关主题

期刊订阅