Application security testing tools study and proposal

Nowadays the need for a shorter time-to-market of applications is evident. However, even though the time needed for developing them gets reduced, we still need to be able to deliver reliable and secure apps. This was already a challenging task, and it is even more so with the time restrictions and t...

ver descrição completa

Detalhes bibliográficos
Autor: Casanova Páez, Miro Michel
Formato: tesis de maestría
Fecha de publicación:2021
País:España
Recursos:Universitat Oberta de Catalunya (UOC)
Repositorio:O2, repositorio institucional de la UOC
OAI Identifier:oai:openaccess.uoc.edu:10609/126750
Acesso em linha:http://hdl.handle.net/10609/126750
Access Level:acceso abierto
Palavra-chave:SAST
DAST
security
seguridad
seguretat
Computer security -- TFM
Seguretat informàtica -- TFM
Seguridad informática -- TFM
Descrição
Resumo:Nowadays the need for a shorter time-to-market of applications is evident. However, even though the time needed for developing them gets reduced, we still need to be able to deliver reliable and secure apps. This was already a challenging task, and it is even more so with the time restrictions and the rapidly evolving technologies. Hidden flaws in software can result in security vulnerabilities that potentially allow attackers to compromise systems and applications. There are hackers and crackers who may be keeping an eye on our valuable personal information. Hence, these applications need to be secured and should be reliable since our private and important information or documents are stored on the back end of these n-tiered applications. Each year thousands of such vulnerabilities are reported publicly to the Common Vulnerabilities and Exposures database. These vulnerabilities are often caused by subtle errors made by programmers and can propagate quickly due to the prevalence of open-source software and code reuse. We are confronted with the dilemma of the need for speeding up the software development process while at the same time the requirement of delivering reliable and secure applications. There are many approaches for tackling this problem which range from adapting the software development process to more concrete technical solutions. In this TFM we will try to analyse the use of one or several automatized software tools for verifying whether the application under construction has the required level of security by detecting potential vulnerabilities or flaws that could cause an undesired misfunction. This approach addresses the detection of vulnerable code during the course of the software development cycle.